diff --git a/docs/data-sources/cluster.md b/docs/data-sources/cluster.md index 2cd25c80..ebb1dfc5 100644 --- a/docs/data-sources/cluster.md +++ b/docs/data-sources/cluster.md @@ -48,7 +48,6 @@ The following attributes are exported: * `cluster_template_id` - (Computed) Cluster template ID (string) * `cluster_template_questions` - (Computed) Cluster template questions (list) * `cluster_template_revision_id` - (Computed) Cluster template revision ID (string) -* `default_pod_security_policy_template_id` - (Optional/Computed) [Default pod security policy template id](https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#pod-security-policy-support) (string) * `enable_network_policy` - (Computed) Enable project network isolation. Default `false` (bool) * `enable_cluster_istio` - (Computed) Enable built-in cluster istio. Default `false` (bool) * `fleet_workspace_name` - (Computed) Fleet workspace name (string) diff --git a/docs/data-sources/cluster_v2.md b/docs/data-sources/cluster_v2.md index e32133fc..a24f9143 100644 --- a/docs/data-sources/cluster_v2.md +++ b/docs/data-sources/cluster_v2.md @@ -35,7 +35,6 @@ The following attributes are exported: * `agent_env_vars` - (Computed) Optional Agent Env Vars for Rancher agent (list) * `rke_config` - (Computed) The RKE configuration for `k3s` and `rke2` Clusters v2. (list maxitems:1) * `cloud_credential_secret_name` - (Computed) Cluster V2 cloud credential secret name (string) -* `default_pod_security_policy_template_name` - (Computed) Cluster V2 default pod security policy template name (string) * `default_pod_security_admission_configuration_template_name` - (Computed) Cluster V2 default pod security admission configuration template name (string) * `default_cluster_role_for_project_members` - (Computed) Cluster V2 default cluster role for project members (string) * `enable_network_policy` - (Computed) Enable k8s network policy at Cluster V2 (bool) 
diff --git a/docs/data-sources/project.md b/docs/data-sources/project.md index 85fe972d..3ca97674 100644 --- a/docs/data-sources/project.md +++ b/docs/data-sources/project.md @@ -36,7 +36,6 @@ resource "kubernetes_namespace" "my_namespace" { * `id` - (Computed) Cluster-wide unique ID of the Rancher 2 project (string) * `container_resource_limit` - (Computed) Default containers resource limits on project (List maxitem:1) - * `pod_security_policy_template_id` - (Computed) Default Pod Security Policy ID for the project (string) * `resource_quota` - (Computed) Resource quota for project. Rancher v2.1.x or higher (list maxitems:1) * `uuid` - (Computed) UUID of the project as stored by Rancher 2 (string) * `description` - (Computed) The project's description (string) diff --git a/docs/resources/cluster.md b/docs/resources/cluster.md index fba08cbd..7f42c2c5 100644 --- a/docs/resources/cluster.md +++ b/docs/resources/cluster.md 
@@ -605,7 +605,6 @@ The following arguments are supported: * `cluster_template_id` - (Optional) Cluster template ID. For Rancher v2.3.x and above (string) * `cluster_template_questions` - (Optional/Computed) Cluster template questions. For Rancher v2.3.x and above (list) * `cluster_template_revision_id` - (Optional) Cluster template revision ID. For Rancher v2.3.x and above (string) -* `default_pod_security_policy_template_id` - (Optional/Computed) [Default pod security policy template id](https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#pod-security-policy-support) (string) * `default_pod_security_admission_configuration_template_name` - (Optional/Computed) The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string) * `desired_agent_image` - (Optional/Computed) Desired agent image. For Rancher v2.3.x and above (string) * `desired_auth_image` - (Optional/Computed) Desired auth image. For Rancher v2.3.x and above (string) diff --git a/docs/resources/cluster_template.md b/docs/resources/cluster_template.md index 1233263f..3a8a7fc3 100644 --- a/docs/resources/cluster_template.md +++ b/docs/resources/cluster_template.md 
@@ -122,7 +122,6 @@ resource "rancher2_cluster_template" "foo" { * `cluster_auth_endpoint` - (Optional/Computed) Local cluster auth endpoint (list maxitems: 1) * `default_cluster_role_for_project_members` - (Optional/Computed) Default cluster role for project members (string) -* `default_pod_security_policy_template_id` - (Optional/Computed) Default pod security policy template ID (string) * `desired_agent_image` - (Optional/Computed) Desired agent image (string) * `desired_auth_image` - (Optional/Computed) Desired auth image (string) * `docker_root_dir` - (Optional/Computed) Desired auth image (string) diff --git a/docs/resources/cluster_v2.md b/docs/resources/cluster_v2.md index 0fa99499..c4b7f567 100644 --- a/docs/resources/cluster_v2.md +++ b/docs/resources/cluster_v2.md 
@@ -849,7 +849,6 @@ The following arguments are supported: * `rke_config` - (Optional/computed, list, max length: 1) The RKE configuration for the cluster. * `local_auth_endpoint` - (Optional, list, max length: 1) Local auth endpoint configures the Authorized Cluster Endpoint (ACE) which can be used to directly access the Kubernetes API server, without requiring communication through Rancher. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters#authorized-cluster-endpoint-support-for-rke2-and-k3s-clusters). * `cloud_credential_secret_name` - (Optional, string) Cloud credential secret name is the secret to be used when a cloud credential secret name is not specified at the machine pool level. -* `default_pod_security_policy_template_name` - (Optional, string) Default pod security policy template name specifies the default PSP for the cluster. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies). * `default_pod_security_admission_configuration_template_name` - (Optional, string) The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above. * `default_cluster_role_for_project_members` - (Optional, string) Default cluster role for project members. * `enable_network_policy` - (Optional, bool, default: false) Enable k8s network policy on the cluster. 
diff --git a/docs/resources/project.md b/docs/resources/project.md index 70bc41a0..a5a572e1 100644 --- a/docs/resources/project.md +++ b/docs/resources/project.md @@ -68,7 +68,6 @@ The following arguments are supported: * `cluster_id` - (Required) The cluster id where create project (string) * `container_resource_limit` - (Optional) Default containers resource limits on project (List maxitem:1) * `description` - (Optional) A project description (string) -* `pod_security_policy_template_id` - (Optional) Default Pod Security Policy ID for the project (string) * `resource_quota` - (Optional) Resource quota for project. Rancher v2.1.x or higher (list maxitems:1) * `wait_for_cluster` - (Optional) Wait for cluster becomes active. Default `false` (bool) * `annotations` - (Optional/Computed) Annotations for Node Pool object (map) diff --git a/rancher2/0_provider_upgrade_test.go b/rancher2/0_provider_upgrade_test.go index 1781f27a..10aa6f62 100644 --- a/rancher2/0_provider_upgrade_test.go +++ b/rancher2/0_provider_upgrade_test.go @@ -128,7 +128,6 @@ provider "rancher2" { ` + testAccRancher2NodeTemplateOpennebulaConfig + ` ` + testAccRancher2NodeTemplateOpenstack + ` ` + testAccRancher2NodeTemplateVsphere + ` -` + testAccCheckRancher2PodSecurityPolicyTemplate + ` ` + testAccRancher2ProjectRoleTemplateBinding + ` ` + testAccRancher2Project + ` ` + testAccRancher2Registry + ` @@ -170,7 +169,6 @@ provider "rancher2" { ` + testAccRancher2NodeTemplateOpennebulaConfig + ` ` + testAccRancher2NodeTemplateOpenstack + ` ` + testAccRancher2NodeTemplateVsphere + ` -` + testAccCheckRancher2PodSecurityPolicyTemplate + ` ` + testAccRancher2ProjectRoleTemplateBinding + ` ` + testAccRancher2Project + ` ` + testAccRancher2Registry + ` 
@@ -216,7 +214,6 @@ provider "rancher2" { ` + testAccRancher2NodeTemplateOpennebulaConfig + ` ` + testAccRancher2NodeTemplateOpenstack + ` ` + testAccRancher2NodeTemplateVsphere + ` -` + testAccCheckRancher2PodSecurityPolicyTemplate + ` ` + testAccRancher2ProjectRoleTemplateBinding + ` ` + testAccRancher2Project + ` ` + testAccRancher2Registry + ` @@ -266,7 +263,6 @@ provider "rancher2" { ` + testAccRancher2NodeTemplateOpennebulaConfig + ` ` + testAccRancher2NodeTemplateOpenstack + ` ` + testAccRancher2NodeTemplateVsphere + ` -` + testAccCheckRancher2PodSecurityPolicyTemplate + ` ` + testAccRancher2ProjectRoleTemplateBinding + ` ` + testAccRancher2Project + ` ` + testAccRancher2Registry + ` diff --git a/rancher2/data_source_rancher2_cluster.go b/rancher2/data_source_rancher2_cluster.go index 28f8619c..2976ddb0 100644 --- a/rancher2/data_source_rancher2_cluster.go +++ b/rancher2/data_source_rancher2_cluster.go @@ -171,11 +171,6 @@ func dataSourceRancher2Cluster() *schema.Resource { Computed: true, Description: "Cluster template revision ID", }, - "default_pod_security_policy_template_id": { - Type: schema.TypeString, - Computed: true, - Description: "Default pod security policy template ID", - }, "default_pod_security_admission_configuration_template_name": { Type: schema.TypeString, Optional: true, diff --git a/rancher2/data_source_rancher2_cluster_v2.go b/rancher2/data_source_rancher2_cluster_v2.go index bce67d48..236137c1 100644 --- a/rancher2/data_source_rancher2_cluster_v2.go +++ b/rancher2/data_source_rancher2_cluster_v2.go @@ -46,11 +46,6 @@ func dataSourceRancher2ClusterV2() *schema.Resource { Computed: true, Description: "Cluster V2 cloud credential secret name", }, - "default_pod_security_policy_template_name": { - Type: schema.TypeString, - Computed: true, - Description: "Cluster V2 default pod security policy template name", - }, "default_pod_security_admission_configuration_template_name": { Type: schema.TypeString, Computed: true, 
diff --git a/rancher2/data_source_rancher2_pod_security_policy_template.go b/rancher2/data_source_rancher2_pod_security_policy_template.go deleted file mode 100644 index c1503892..00000000 --- a/rancher2/data_source_rancher2_pod_security_policy_template.go +++ /dev/null @@ -1,28 +0,0 @@ -package rancher2 - -import ( - "github.com/hashicorp/terraform-plugin-sdk/helper/schema" -) - -func dataSourceRancher2PodSecurityPolicyTemplate() *schema.Resource { - return &schema.Resource{ - Read: dataSourceRancher2PodSecurityPolicyTemplateRead, - Schema: podSecurityPolicyTemplateFields(), - } -} - -func dataSourceRancher2PodSecurityPolicyTemplateRead(d *schema.ResourceData, meta interface{}) error { - client, err := meta.(*Config).ManagementClient() - if err != nil { - return err - } - - name := d.Get("name").(string) - - pspt, err := client.PodSecurityPolicyTemplate.ByID(name) - if err != nil { - return err - } - - return flattenPodSecurityPolicyTemplate(d, pspt) -} diff --git a/rancher2/data_source_rancher2_pod_security_policy_template_test.go b/rancher2/data_source_rancher2_pod_security_policy_template_test.go deleted file mode 100644 index 4db9eb15..00000000 --- a/rancher2/data_source_rancher2_pod_security_policy_template_test.go +++ /dev/null 
@@ -1,29 +0,0 @@ -package rancher2 - -import ( - "testing" - - "github.com/hashicorp/terraform-plugin-sdk/helper/resource" -) - -func TestAccRancher2PodSecurityPolicyTemplateDataSource(t *testing.T) { - testAccCheckRancher2PodSecurityPolicyTemplateDataSourceConfig := testAccCheckRancher2PodSecurityPolicyTemplate + ` -data "` + testAccRancher2PodSecurityPolicyTemplateType + `" "foo" { - name = rancher2_pod_security_policy_template.foo.name -} -` - name := "data." + testAccRancher2PodSecurityPolicyTemplateType + ".foo" - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - Steps: []resource.TestStep{ - { - Config: testAccCheckRancher2PodSecurityPolicyTemplateDataSourceConfig, - Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr(name, "name", "foo"), - resource.TestCheckResourceAttr(name, "description", "Terraform PodSecurityPolicyTemplate acceptance test"), - ), - }, - }, - }) -} diff --git a/rancher2/data_source_rancher2_project.go b/rancher2/data_source_rancher2_project.go index b8828869..b5cefca2 100644 --- a/rancher2/data_source_rancher2_project.go +++ b/rancher2/data_source_rancher2_project.go @@ -37,10 +37,6 @@ func dataSourceRancher2Project() *schema.Resource { Type: schema.TypeString, Computed: true, }, - "pod_security_policy_template_id": { - Type: schema.TypeString, - Computed: true, - }, "resource_quota": { Type: schema.TypeList, MaxItems: 1, @@ -143,8 +139,6 @@ func dataSourceRancher2ProjectRead(d *schema.ResourceData, meta interface{}) err } } - d.Set("pod_security_policy_template_id", project.PodSecurityPolicyTemplateName) - if project.ResourceQuota != nil && project.NamespaceDefaultResourceQuota != nil { resourceQuota := flattenProjectResourceQuota(project.ResourceQuota, project.NamespaceDefaultResourceQuota) err := d.Set("resource_quota", resourceQuota) 
diff --git a/rancher2/import_rancher2_pod_security_policy_template.go b/rancher2/import_rancher2_pod_security_policy_template.go deleted file mode 100644 index 5daee7a5..00000000 --- a/rancher2/import_rancher2_pod_security_policy_template.go +++ /dev/null @@ -1,14 +0,0 @@ -package rancher2 - -import ( - "github.com/hashicorp/terraform-plugin-sdk/helper/schema" -) - -func resourceRancher2PodSecurityPolicyTemplateImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { - err := resourceRancher2PodSecurityPolicyTemplateRead(d, meta) - if err != nil { - return []*schema.ResourceData{}, err - } - - return []*schema.ResourceData{d}, nil -} diff --git a/rancher2/provider.go b/rancher2/provider.go index eb3e3cde..6e3f19b6 100644 --- a/rancher2/provider.go +++ b/rancher2/provider.go @@ -144,7 +144,6 @@ func Provider() terraform.ResourceProvider { "rancher2_node_pool": resourceRancher2NodePool(), "rancher2_node_template": resourceRancher2NodeTemplate(), "rancher2_pod_security_admission_configuration_template": resourceRancher2PodSecurityAdmissionConfigurationTemplate(), - "rancher2_pod_security_policy_template": resourceRancher2PodSecurityPolicyTemplate(), "rancher2_project": resourceRancher2Project(), "rancher2_project_role_template_binding": resourceRancher2ProjectRoleTemplateBinding(), "rancher2_registry": resourceRancher2Registry(), @@ -179,7 +178,6 @@ func Provider() terraform.ResourceProvider { "rancher2_node_pool": dataSourceRancher2NodePool(), "rancher2_node_template": dataSourceRancher2NodeTemplate(), "rancher2_pod_security_admission_configuration_template": dataSourceRancher2PodSecurityAdmissionConfigurationTemplate(), - "rancher2_pod_security_policy_template": dataSourceRancher2PodSecurityPolicyTemplate(), "rancher2_principal": dataSourceRancher2Principal(), "rancher2_project": dataSourceRancher2Project(), "rancher2_project_role_template_binding": dataSourceRancher2ProjectRoleTemplateBinding(), 
diff --git a/rancher2/resource_rancher2_cluster.go b/rancher2/resource_rancher2_cluster.go index b4fd4fc6..f2deaa34 100644 --- a/rancher2/resource_rancher2_cluster.go +++ b/rancher2/resource_rancher2_cluster.go @@ -263,7 +263,6 @@ func resourceRancher2ClusterUpdate(d *schema.ResourceData, meta interface{}) err "clusterAgentDeploymentCustomization": clusterAgentDeploymentCustomization, "fleetAgentDeploymentCustomization": fleetAgentDeploymentCustomization, "description": d.Get("description").(string), - "defaultPodSecurityPolicyTemplateId": d.Get("default_pod_security_policy_template_id").(string), "defaultPodSecurityAdmissionConfigurationTemplateName": d.Get("default_pod_security_admission_configuration_template_name").(string), "desiredAgentImage": d.Get("desired_agent_image").(string), "desiredAuthImage": d.Get("desired_auth_image").(string), diff --git a/rancher2/resource_rancher2_pod_security_admission_configuration_template.go b/rancher2/resource_rancher2_pod_security_admission_configuration_template.go index 69abc26d..3700f69d 100644 --- a/rancher2/resource_rancher2_pod_security_admission_configuration_template.go +++ b/rancher2/resource_rancher2_pod_security_admission_configuration_template.go @@ -149,14 +149,6 @@ func resourceRancher2PodSecurityAdmissionConfigurationTemplateDelete(d *schema.R // a Rancher PodSecurityAdmissionConfiguration Template func podSecurityAdmissionConfigurationTemplateStateRefreshFunc(client *managementClient.Client, pspID string) resource.StateRefreshFunc { return func() (interface{}, string, error) { - obj, err := client.PodSecurityPolicyTemplate.ByID(pspID) - if err != nil { - if IsNotFound(err) || IsForbidden(err) { - return obj, "removed", nil - } - return nil, "", err - } - - return obj, "active", nil + return nil, "active", nil } } diff --git a/rancher2/resource_rancher2_pod_security_policy_template.go b/rancher2/resource_rancher2_pod_security_policy_template.go deleted file mode 100644 index 915232dc..00000000 
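Review bot: In resource_rancher2_pod_security_admission_configuration_template.go the refresh closure now returns `nil, "active", nil` unconditionally, so podSecurityAdmissionConfigurationTemplateStateRefreshFunc checks nothing and can never report "removed". Any waiter built on it will time out or, because terraform-plugin-sdk's StateChangeConf treats a nil result as "not found", fail after its not-found retries; the hunk header points at the Delete function just above, but its body is outside the hunk, so this is inferred. Either way the provider no longer verifies the real state of this admission-control template. Dropping the old lookup is right, since it queried the PSP client with a PSA template ID, but it should be replaced rather than stubbed. The sketch below assumes the generated management client exposes a PodSecurityAdmissionConfigurationTemplate accessor with ByID; confirm that name before applying.

```go
	return func() (interface{}, string, error) {
		// Query the PSA configuration template itself instead of the removed PSP client.
		obj, err := client.PodSecurityAdmissionConfigurationTemplate.ByID(pspID)
		if err != nil {
			if IsNotFound(err) || IsForbidden(err) {
				return obj, "removed", nil
			}
			return nil, "", err
		}

		return obj, "active", nil
	}
```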
--- a/rancher2/resource_rancher2_pod_security_policy_template.go
+++ /dev/null
@@ -1,155 +0,0 @@ -package rancher2 - -import ( - "fmt" - "log" - "time" - - "github.com/hashicorp/terraform-plugin-sdk/helper/resource" - "github.com/hashicorp/terraform-plugin-sdk/helper/schema" - managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3" -) - -func resourceRancher2PodSecurityPolicyTemplate() *schema.Resource { - return &schema.Resource{ - Create: resourceRancher2PodSecurityPolicyTemplateCreate, - Read: resourceRancher2PodSecurityPolicyTemplateRead, - Update: resourceRancher2PodSecurityPolicyTemplateUpdate, - Delete: resourceRancher2PodSecurityPolicyTemplateDelete, - Importer: &schema.ResourceImporter{ - State: resourceRancher2PodSecurityPolicyTemplateImport, - }, - - Schema: podSecurityPolicyTemplateFields(), - Timeouts: &schema.ResourceTimeout{ - Create: schema.DefaultTimeout(10 * time.Minute), - Update: schema.DefaultTimeout(10 * time.Minute), - Delete: schema.DefaultTimeout(10 * time.Minute), - }, - } -} - -func resourceRancher2PodSecurityPolicyTemplateCreate(d *schema.ResourceData, meta interface{}) error { - podSecurityPolicyTemplate := expandPodSecurityPolicyTemplate(d) - - log.Printf("[INFO] Creating PodSecurityPolicyTemplate %s", podSecurityPolicyTemplate.Name) - - client, err := meta.(*Config).ManagementClient() - if err != nil { - return err - } - - newPodSecurityPolicyTemplate, err := client.PodSecurityPolicyTemplate.Create(podSecurityPolicyTemplate) - if err != nil { - return err - } - - d.SetId(newPodSecurityPolicyTemplate.ID) - - return resourceRancher2PodSecurityPolicyTemplateRead(d, meta) -} - -func resourceRancher2PodSecurityPolicyTemplateRead(d *schema.ResourceData, meta interface{}) error { - log.Printf("[INFO] Refreshing PodSecurityPolicyTemplate with ID %s", d.Id()) - client, err := meta.(*Config).ManagementClient() - if err != nil { - return err - } - - return resource.Retry(d.Timeout(schema.TimeoutRead), func() *resource.RetryError { - pspt, err := client.PodSecurityPolicyTemplate.ByID(d.Id()) - if 
err != nil { - if IsNotFound(err) || IsForbidden(err) { - log.Printf("[INFO] PodSecurityPolicyTemplate with ID %s not found.", d.Id()) - d.SetId("") - return nil - } - return resource.NonRetryableError(err) - } - - if err = flattenPodSecurityPolicyTemplate(d, pspt); err != nil { - return resource.NonRetryableError(err) - } - - return nil - }) -} - -func resourceRancher2PodSecurityPolicyTemplateUpdate(d *schema.ResourceData, meta interface{}) error { - log.Printf("[INFO] Updating PodSecurityPolicyTemplate with ID %s", d.Id()) - client, err := meta.(*Config).ManagementClient() - if err != nil { - return err - } - - pspt, err := client.PodSecurityPolicyTemplate.ByID(d.Id()) - if err != nil { - return err - } - - update := expandPodSecurityPolicyTemplate(d) - - _, err = client.PodSecurityPolicyTemplate.Update(pspt, update) - if err != nil { - return err - } - - return resourceRancher2PodSecurityPolicyTemplateRead(d, meta) -} - -func resourceRancher2PodSecurityPolicyTemplateDelete(d *schema.ResourceData, meta interface{}) error { - id := d.Id() - log.Printf("[INFO] Deleting PodSecurityPolicyTemplate with ID %s", id) - client, err := meta.(*Config).ManagementClient() - if err != nil { - return err - } - - pspt, err := client.PodSecurityPolicyTemplate.ByID(id) - if err != nil { - if IsNotFound(err) || IsForbidden(err) { - log.Printf("[INFO] PodSecurityPolicyTemplate with ID %s not found.", id) - d.SetId("") - return nil - } - return err - } - - err = client.PodSecurityPolicyTemplate.Delete(pspt) - if err != nil { - return fmt.Errorf("[ERROR] removing PodSecurityPolicyTemplate: %s", err) - } - - stateConf := &resource.StateChangeConf{ - Pending: []string{"active"}, - Target: []string{"removed"}, - Refresh: podSecurityPolicyTemplateStateRefreshFunc(client, id), - Timeout: d.Timeout(schema.TimeoutDelete), - Delay: 1 * time.Second, - MinTimeout: 3 * time.Second, - } - - _, waitErr := stateConf.WaitForState() - if waitErr != nil { - return fmt.Errorf( - "[ERROR] waiting for 
PodSecurityPolicyTemplate (%s) to be removed: %s", id, waitErr) - } - - d.SetId("") - return nil -} - -// podSecurityPolicyTemplateStateRefreshFunc returns a resource.StateRefreshFunc, used to watch a Rancher PodSecurityPolicyTemplate -func podSecurityPolicyTemplateStateRefreshFunc(client *managementClient.Client, pspID string) resource.StateRefreshFunc { - return func() (interface{}, string, error) { - obj, err := client.PodSecurityPolicyTemplate.ByID(pspID) - if err != nil { - if IsNotFound(err) || IsForbidden(err) { - return obj, "removed", nil - } - return nil, "", err - } - - return obj, "active", nil - } -} diff --git a/rancher2/resource_rancher2_pod_security_policy_template_test.go b/rancher2/resource_rancher2_pod_security_policy_template_test.go deleted file mode 100644 index 66da5a67..00000000 --- a/rancher2/resource_rancher2_pod_security_policy_template_test.go +++ /dev/null 
@@ -1,275 +0,0 @@ -package rancher2 - -import ( - "fmt" - "testing" - - "github.com/hashicorp/terraform-plugin-sdk/helper/resource" - "github.com/hashicorp/terraform-plugin-sdk/terraform" - managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3" -) - -const testAccRancher2PodSecurityPolicyTemplateType = "rancher2_pod_security_policy_template" - -var ( - testAccCheckRancher2PodSecurityPolicyTemplate = ` -resource "` + testAccRancher2PodSecurityPolicyTemplateType + `" "foo" { - name = "foo" - description = "Terraform PodSecurityPolicyTemplate acceptance test" - allow_privilege_escalation = false - allowed_csi_driver { - name = "something" - } - allowed_csi_driver { - name = "something-else" - } - allowed_flex_volume { - driver = "something" - } - allowed_flex_volume { - driver = "something-else" - } - allowed_host_path { - path_prefix = "/" - read_only = true - } - allowed_host_path { - path_prefix = "//" - read_only = false - } - allowed_proc_mount_types = ["Default"] - default_allow_privilege_escalation = false - fs_group { - rule = "MustRunAs" - range { - min = 0 - max = 100 - } - range { - min = 0 - max = 100 - } - } - host_ipc = false - host_network = false - host_pid = false - host_port { - min = 0 - max = 65535 - } - host_port { - min = 1024 - max = 8080 - } - privileged = false - read_only_root_filesystem = false - required_drop_capabilities = ["something"] - - run_as_user { - rule = "MustRunAs" - range { - min = 1 - max = 100 - } - range { - min = 2 - max = 1024 - } - } - run_as_group { - rule = "MustRunAs" - range { - min = 1 - max = 100 - } - range { - min = 2 - max = 1024 - } - } - runtime_class { - default_runtime_class_name = "something" - allowed_runtime_class_names = ["something"] - } - se_linux { - rule = "RunAsAny" - } - supplemental_group { - rule = "RunAsAny" - } - volumes = ["azureFile"] -} -` - testAccCheckRancher2PodSecurityPolicyTemplateUpdate = ` -resource "` + testAccRancher2PodSecurityPolicyTemplateType + `" "foo" { 
- name = "foo" - description = "Terraform PodSecurityPolicyTemplate acceptance test - updated" - allow_privilege_escalation = false - allowed_csi_driver { - name = "something" - } - allowed_csi_driver { - name = "something-else" - } - allowed_flex_volume { - driver = "something" - } - allowed_flex_volume { - driver = "something-else" - } - allowed_host_path { - path_prefix = "/" - read_only = true - } - allowed_host_path { - path_prefix = "//" - read_only = false - } - allowed_proc_mount_types = ["Default"] - default_allow_privilege_escalation = false - fs_group { - rule = "MustRunAs" - range { - min = 0 - max = 100 - } - range { - min = 0 - max = 100 - } - } - host_ipc = false - host_network = false - host_pid = false - host_port { - min = 0 - max = 65535 - } - host_port { - min = 1024 - max = 8080 - } - privileged = false - read_only_root_filesystem = false - required_drop_capabilities = ["something"] - - run_as_user { - rule = "MustRunAs" - range { - min = 1 - max = 100 - } - range { - min = 2 - max = 1024 - } - } - run_as_group { - rule = "MustRunAs" - range { - min = 1 - max = 100 - } - range { - min = 2 - max = 1024 - } - } - runtime_class { - default_runtime_class_name = "something" - allowed_runtime_class_names = ["something"] - } - se_linux { - rule = "RunAsAny" - } - supplemental_group { - rule = "RunAsAny" - } - volumes = ["azureFile"] -} -` -) - -func init() {} - -func TestAccRancher2PodSecurityPolicyTemplate_Basic(t *testing.T) { - var pspTemplate *managementClient.PodSecurityPolicyTemplate - - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - CheckDestroy: testAccCheckRancher2PodSecurityPolicyTemplateDestroy, - Steps: []resource.TestStep{ - { - Config: testAccCheckRancher2PodSecurityPolicyTemplate, - Check: resource.ComposeTestCheckFunc( - testAccCheckRancher2NPodSecurityPolicyTemplateExists(testAccRancher2PodSecurityPolicyTemplateType+".foo", pspTemplate), - 
resource.TestCheckResourceAttr(testAccRancher2PodSecurityPolicyTemplateType+".foo", "name", "foo"), - resource.TestCheckResourceAttr(testAccRancher2PodSecurityPolicyTemplateType+".foo", "description", "Terraform PodSecurityPolicyTemplate acceptance test"), - ), - }, - { - Config: testAccCheckRancher2PodSecurityPolicyTemplateUpdate, - Check: resource.ComposeTestCheckFunc( - testAccCheckRancher2NPodSecurityPolicyTemplateExists(testAccRancher2PodSecurityPolicyTemplateType+".foo", pspTemplate), - resource.TestCheckResourceAttr(testAccRancher2PodSecurityPolicyTemplateType+".foo", "name", "foo"), - resource.TestCheckResourceAttr(testAccRancher2PodSecurityPolicyTemplateType+".foo", "description", "Terraform PodSecurityPolicyTemplate acceptance test - updated"), - ), - }, - }, - }) -} - -func testAccCheckRancher2NPodSecurityPolicyTemplateExists(n string, pspTemplate *managementClient.PodSecurityPolicyTemplate) resource.TestCheckFunc { - return func(s *terraform.State) error { - rs, ok := s.RootModule().Resources[n] - - if !ok { - return fmt.Errorf("Not found: %s", n) - } - - if rs.Primary.ID == "" { - return fmt.Errorf("No PodSecurityPolicyTemplate ID is set") - } - - client, err := testAccProvider.Meta().(*Config).ManagementClient() - if err != nil { - return err - } - - foundPSP, err := client.PodSecurityPolicyTemplate.ByID(rs.Primary.ID) - if err != nil { - if IsNotFound(err) { - return fmt.Errorf("PodSecurityPolicyTemplate not found") - } - return err - } - - pspTemplate = foundPSP - - return nil - } -} - -func testAccCheckRancher2PodSecurityPolicyTemplateDestroy(s *terraform.State) error { - for _, rs := range s.RootModule().Resources { - if rs.Type != "rancher2_pod_security_policy_template" { - continue - } - client, err := testAccProvider.Meta().(*Config).ManagementClient() - if err != nil { - return err - } - - _, err = client.PodSecurityPolicyTemplate.ByID(rs.Primary.ID) - if err != nil { - if IsNotFound(err) { - return nil - } - return err - } - - return 
fmt.Errorf("PodSecurityPolicyTemplate still exists") - } - return nil -} diff --git a/rancher2/resource_rancher2_project.go b/rancher2/resource_rancher2_project.go index 536f5d79..8fa64959 100644 --- a/rancher2/resource_rancher2_project.go +++ b/rancher2/resource_rancher2_project.go @@ -77,32 +77,6 @@ func resourceRancher2ProjectCreate(d *schema.ResourceData, meta interface{}) err "[ERROR] waiting for project (%s) to be created: %s", newProject.ID, waitErr) } - if pspID, ok := d.Get("pod_security_policy_template_id").(string); ok && len(pspID) > 0 { - pspInput := &managementClient.SetPodSecurityPolicyTemplateInput{ - PodSecurityPolicyTemplateName: pspID, - } - err = resource.Retry(3*time.Second, func() *resource.RetryError { - newProject, err = client.Project.ByID(newProject.ID) - if err != nil { - return resource.NonRetryableError(err) - } - _, err = client.Project.ActionSetpodsecuritypolicytemplate(newProject, pspInput) - if err != nil { - if IsConflict(err) || IsForbidden(err) { - return resource.RetryableError(err) - } - // Checking error due to ActionSetpodsecuritypolicytemplate() issue - if error.Error(err) != "unexpected end of JSON input" { - return resource.NonRetryableError(err) - } - } - return nil - }) - if err != nil { - return fmt.Errorf("[ERROR] waiting for pod_security_policy_template_id (%s) to be set on project (%s): %s", pspID, newProject.ID, err) - } - } - return resourceRancher2ProjectRead(d, meta) } 
@@ -165,19 +139,6 @@ func resourceRancher2ProjectUpdate(d *schema.ResourceData, meta interface{}) err "[ERROR] waiting for project (%s) to be updated: %s", newProject.ID, waitErr) } - if d.HasChange("pod_security_policy_template_id") { - pspInput := &managementClient.SetPodSecurityPolicyTemplateInput{ - PodSecurityPolicyTemplateName: d.Get("pod_security_policy_template_id").(string), - } - _, err = client.Project.ActionSetpodsecuritypolicytemplate(newProject, pspInput) - if err != nil { - // Checking error due to ActionSetpodsecuritypolicytemplate() issue - if error.Error(err) != "unexpected end of JSON input" { - return err - } - } - } - return resourceRancher2ProjectRead(d, meta) } diff --git a/rancher2/schema_cluster.go b/rancher2/schema_cluster.go index e70f7711..383fbb73 100644 --- a/rancher2/schema_cluster.go +++ b/rancher2/schema_cluster.go @@ -227,12 +227,6 @@ func clusterFieldsV0() map[string]*schema.Schema { Optional: true, Description: "Cluster template revision ID", }, - "default_pod_security_policy_template_id": { - Type: schema.TypeString, - Optional: true, - Computed: true, - Description: "Default pod security policy template ID", - }, "default_pod_security_admission_configuration_template_name": { Type: schema.TypeString, Optional: true, @@ -485,12 +479,6 @@ func clusterFields() map[string]*schema.Schema { Optional: true, Description: "Cluster template revision ID", }, - "default_pod_security_policy_template_id": { - Type: schema.TypeString, - Optional: true, - Computed: true, - Description: "Default pod security policy template ID", - }, "default_pod_security_admission_configuration_template_name": { Type: schema.TypeString, Optional: true, diff --git a/rancher2/schema_cluster_template.go b/rancher2/schema_cluster_template.go index 8c7956b8..52f0dd6d 100644 --- a/rancher2/schema_cluster_template.go +++ b/rancher2/schema_cluster_template.go 
@@ -66,12 +66,6 @@ func clusterSpecBaseFieldsV0() map[string]*schema.Schema { Computed: true, Description: "Default cluster role for project members", }, - "default_pod_security_policy_template_id": { - Type: schema.TypeString, - Optional: true, - Computed: true, - Description: "Default pod security policy template ID", - }, "default_pod_security_admission_configuration_template_name": { Type: schema.TypeString, Optional: true, @@ -140,12 +134,6 @@ func clusterSpecBaseFields() map[string]*schema.Schema { Computed: true, Description: "Default cluster role for project members", }, - "default_pod_security_policy_template_id": { - Type: schema.TypeString, - Optional: true, - Computed: true, - Description: "Default pod security policy template ID", - }, "default_pod_security_admission_configuration_template_name": { Type: schema.TypeString, Optional: true, @@ -215,12 +203,6 @@ func clusterSpecBaseFieldsData() map[string]*schema.Schema { Computed: true, Description: "Default cluster role for project members", }, - "default_pod_security_policy_template_id": { - Type: schema.TypeString, - Optional: true, - Computed: true, - Description: "Default pod security policy template ID", - }, "default_pod_security_admission_configuration_template_name": { Type: schema.TypeString, Optional: true, diff --git a/rancher2/schema_cluster_v2.go b/rancher2/schema_cluster_v2.go index 5fedda4a..cab606cb 100644 --- a/rancher2/schema_cluster_v2.go +++ b/rancher2/schema_cluster_v2.go @@ -71,11 +71,6 @@ func clusterV2FieldsV0() map[string]*schema.Schema { Schema: agentDeploymentCustomizationFields(), }, }, - "default_pod_security_policy_template_name": { - Type: schema.TypeString, - Optional: true, - Description: "Cluster V2 default pod security policy template name", - }, "default_pod_security_admission_configuration_template_name": { Type: schema.TypeString, Optional: true, 
@@ -191,11 +186,6 @@ func clusterV2Fields() map[string]*schema.Schema { Schema: agentDeploymentCustomizationFields(), }, }, - "default_pod_security_policy_template_name": { - Type: schema.TypeString, - Optional: true, - Description: "Cluster V2 default pod security policy template name", - }, "default_pod_security_admission_configuration_template_name": { Type: schema.TypeString, Optional: true, diff --git a/rancher2/schema_project.go b/rancher2/schema_project.go index 5c0de29d..8d63492d 100644 --- a/rancher2/schema_project.go +++ b/rancher2/schema_project.go @@ -116,10 +116,6 @@ func projectFields() map[string]*schema.Schema { Type: schema.TypeString, Optional: true, }, - "pod_security_policy_template_id": { - Type: schema.TypeString, - Optional: true, - }, "resource_quota": { Type: schema.TypeList, MaxItems: 1, diff --git a/rancher2/structure_cluster.go b/rancher2/structure_cluster.go index 9bb53fb7..45a3c46d 100644 --- a/rancher2/structure_cluster.go +++ b/rancher2/structure_cluster.go @@ -100,10 +100,6 @@ func flattenCluster(d *schema.ResourceData, in *Cluster, clusterRegToken *manage } - if len(in.DefaultPodSecurityPolicyTemplateID) > 0 { - d.Set("default_pod_security_policy_template_id", in.DefaultPodSecurityPolicyTemplateID) - } - if len(in.DefaultPodSecurityAdmissionConfigurationTemplateName) > 0 { d.Set("default_pod_security_admission_configuration_template_name", in.DefaultPodSecurityAdmissionConfigurationTemplateName) } @@ -455,10 +451,6 @@ func expandCluster(in *schema.ResourceData) (*Cluster, error) { } } - if v, ok := in.Get("default_pod_security_policy_template_id").(string); ok && len(v) > 0 { - obj.DefaultPodSecurityPolicyTemplateID = v - } - if v, ok := in.Get("default_pod_security_admission_configuration_template_name").(string); ok && len(v) > 0 { obj.DefaultPodSecurityAdmissionConfigurationTemplateName = v } 
diff --git a/rancher2/structure_cluster_rke_config_services_kube_api.go b/rancher2/structure_cluster_rke_config_services_kube_api.go index 8614b257..bc1f043f 100644 --- a/rancher2/structure_cluster_rke_config_services_kube_api.go +++ b/rancher2/structure_cluster_rke_config_services_kube_api.go @@ -179,8 +179,6 @@ func flattenClusterRKEConfigServicesKubeAPI(in *managementClient.KubeAPIService) obj["image"] = in.Image } - obj["pod_security_policy"] = in.PodSecurityPolicy - if in.SecretsEncryptionConfig != nil { customConfig, err := flattenClusterRKEConfigServicesKubeAPISecretsEncryptionConfig(in.SecretsEncryptionConfig) if err != nil { @@ -404,10 +402,6 @@ func expandClusterRKEConfigServicesKubeAPI(p []interface{}) (*managementClient.K obj.Image = v } - if v, ok := in["pod_security_policy"].(bool); ok { - obj.PodSecurityPolicy = v - } - if v, ok := in["secrets_encryption_config"].([]interface{}); ok && len(v) > 0 { obj.SecretsEncryptionConfig = expandClusterRKEConfigServicesKubeAPISecretsEncryptionConfig(v) } diff --git a/rancher2/structure_cluster_rke_config_services_kube_api_test.go b/rancher2/structure_cluster_rke_config_services_kube_api_test.go index 5aa1deb9..a13da2f6 100644 --- a/rancher2/structure_cluster_rke_config_services_kube_api_test.go +++ b/rancher2/structure_cluster_rke_config_services_kube_api_test.go @@ -129,7 +129,6 @@ func init() { ExtraBinds: []string{"bind_one", "bind_two"}, ExtraEnv: []string{"env_one", "env_two"}, Image: "image", - PodSecurityPolicy: true, SecretsEncryptionConfig: testClusterRKEConfigServicesKubeAPISecretsEncryptionConfigConf, ServiceClusterIPRange: "10.43.0.0/16", ServiceNodePortRange: "30000-32000", diff --git a/rancher2/structure_cluster_template.go b/rancher2/structure_cluster_template.go index 0762ec94..c0764c95 100644 --- a/rancher2/structure_cluster_template.go +++ b/rancher2/structure_cluster_template.go 
@@ -60,10 +60,6 @@ func flattenClusterSpecBase(in *managementClient.ClusterSpecBase, p []interface{ obj["default_cluster_role_for_project_members"] = in.DefaultClusterRoleForProjectMembers } - if len(in.DefaultPodSecurityPolicyTemplateID) > 0 { - obj["default_pod_security_policy_template_id"] = in.DefaultPodSecurityPolicyTemplateID - } - if len(in.DefaultPodSecurityAdmissionConfigurationTemplateName) > 0 { obj["default_pod_security_admission_configuration_template_name"] = in.DefaultPodSecurityAdmissionConfigurationTemplateName } @@ -294,10 +290,6 @@ func expandClusterSpecBase(p []interface{}) (*managementClient.ClusterSpecBase, obj.DefaultClusterRoleForProjectMembers = v } - if v, ok := in["default_pod_security_policy_template_id"].(string); ok && len(v) > 0 { - obj.DefaultPodSecurityPolicyTemplateID = v - } - if v, ok := in["default_pod_security_admission_configuration_template_name"].(string); ok && len(v) > 0 { obj.DefaultPodSecurityAdmissionConfigurationTemplateName = v } diff --git a/rancher2/structure_cluster_template_test.go b/rancher2/structure_cluster_template_test.go index 88b1ab36..9cca45b1 100644 --- a/rancher2/structure_cluster_template_test.go +++ b/rancher2/structure_cluster_template_test.go 
@@ -103,21 +103,19 @@ func testClusterTemplate() { } testClusterTemplateRevisionsConfigConf = &managementClient.ClusterSpecBase{ DefaultClusterRoleForProjectMembers: "default_cluster_role_for_project_members", - DefaultPodSecurityPolicyTemplateID: "default_pod_security_policy_template_id", DefaultPodSecurityAdmissionConfigurationTemplateName: "default_pod_security_admission_configuration_template_name", - DesiredAgentImage: "desired_agent_image", - DesiredAuthImage: "desired_auth_image", - DockerRootDir: "docker_root_dir", - EnableNetworkPolicy: newTrue(), - LocalClusterAuthEndpoint: testClusterTemplateRevisionsConfigAuthEndpointConf, - RancherKubernetesEngineConfig: testClusterTemplateRevisionsConfigRKEConf, - WindowsPreferedCluster: true, + DesiredAgentImage: "desired_agent_image", + DesiredAuthImage: "desired_auth_image", + DockerRootDir: "docker_root_dir", + EnableNetworkPolicy: newTrue(), + LocalClusterAuthEndpoint: testClusterTemplateRevisionsConfigAuthEndpointConf, + RancherKubernetesEngineConfig: testClusterTemplateRevisionsConfigRKEConf, + WindowsPreferedCluster: true, } testClusterTemplateRevisionsConfigInterface = []interface{}{ map[string]interface{}{ "cluster_auth_endpoint": testClusterTemplateRevisionsConfigAuthEndpointInterface, "default_cluster_role_for_project_members": "default_cluster_role_for_project_members", - "default_pod_security_policy_template_id": "default_pod_security_policy_template_id", "desired_agent_image": "desired_agent_image", "desired_auth_image": "desired_auth_image", "docker_root_dir": "docker_root_dir", diff --git a/rancher2/structure_cluster_test.go b/rancher2/structure_cluster_test.go index b6d3dd08..70080fef 100644 --- a/rancher2/structure_cluster_test.go +++ b/rancher2/structure_cluster_test.go 
@@ -265,7 +265,6 @@ func testCluster() { testClusterConfAKS.Description = "description" testClusterConfAKS.Driver = clusterDriverAKS testClusterConfAKS.AgentEnvVars = testClusterEnvVarsConf - testClusterConfAKS.DefaultPodSecurityPolicyTemplateID = "default_pod_security_policy_template_id" testClusterConfAKS.DefaultPodSecurityAdmissionConfigurationTemplateName = "default_pod_security_admission_configuration_template_name" testClusterConfAKS.EnableNetworkPolicy = newTrue() testClusterConfAKS.LocalClusterAuthEndpoint = testLocalClusterAuthEndpointConf @@ -277,13 +276,12 @@ func testCluster() { "description": "description", "cluster_auth_endpoint": testLocalClusterAuthEndpointInterface, "cluster_registration_token": testClusterRegistrationTokenInterface, - "default_pod_security_policy_template_id": "default_pod_security_policy_template_id", "default_pod_security_admission_configuration_template_name": "default_pod_security_admission_configuration_template_name", - "enable_network_policy": true, - "kube_config": "kube_config", - "driver": clusterDriverAKS, - "aks_config": testClusterAKSConfigInterface, - "system_project_id": "system_project_id", + "enable_network_policy": true, + "kube_config": "kube_config", + "driver": clusterDriverAKS, + "aks_config": testClusterAKSConfigInterface, + "system_project_id": "system_project_id", } testClusterConfEKS = &Cluster{ AmazonElasticContainerServiceConfig: testClusterEKSConfigConf, @@ -292,7 +290,6 @@ func testCluster() { testClusterConfEKS.Description = "description" testClusterConfEKS.Driver = clusterDriverEKS testClusterConfEKS.AgentEnvVars = testClusterEnvVarsConf - testClusterConfEKS.DefaultPodSecurityPolicyTemplateID = "default_pod_security_policy_template_id" testClusterConfEKS.DefaultPodSecurityAdmissionConfigurationTemplateName = "default_pod_security_admission_configuration_template_name" testClusterConfEKS.EnableNetworkPolicy = newTrue() testClusterConfEKS.LocalClusterAuthEndpoint = testLocalClusterAuthEndpointConf 
@@ -304,13 +301,12 @@ func testCluster() { "description": "description", "cluster_auth_endpoint": testLocalClusterAuthEndpointInterface, "cluster_registration_token": testClusterRegistrationTokenInterface, - "default_pod_security_policy_template_id": "default_pod_security_policy_template_id", "default_pod_security_admission_configuration_template_name": "default_pod_security_admission_configuration_template_name", - "enable_network_policy": true, - "kube_config": "kube_config", - "driver": clusterDriverEKS, - "eks_config": testClusterEKSConfigInterface, - "system_project_id": "system_project_id", + "enable_network_policy": true, + "kube_config": "kube_config", + "driver": clusterDriverEKS, + "eks_config": testClusterEKSConfigInterface, + "system_project_id": "system_project_id", } testClusterConfEKSV2 = &Cluster{} testClusterConfEKSV2.EKSConfig = testClusterEKSConfigV2Conf 
@@ -320,21 +316,19 @@ func testCluster() { testClusterConfEKSV2.AgentEnvVars = testClusterEnvVarsConf testClusterConfEKSV2.ClusterAgentDeploymentCustomization = testClusterAgentDeploymentCustomizationConf testClusterConfEKSV2.FleetAgentDeploymentCustomization = testClusterAgentDeploymentCustomizationConf - testClusterConfEKSV2.DefaultPodSecurityPolicyTemplateID = "default_pod_security_policy_template_id" testClusterConfEKSV2.DefaultPodSecurityAdmissionConfigurationTemplateName = "default_pod_security_admission_configuration_template_name" testClusterConfEKSV2.EnableNetworkPolicy = newTrue() testClusterConfEKSV2.LocalClusterAuthEndpoint = testLocalClusterAuthEndpointConf testClusterInterfaceEKSV2 = map[string]interface{}{ - "id": "id", - "name": "test", - "agent_env_vars": testClusterEnvVarsInterface, - "cluster_agent_deployment_customization": testClusterAgentDeploymentCustomizationInterface, - "fleet_agent_deployment_customization": testClusterAgentDeploymentCustomizationInterface, - "default_project_id": "default_project_id", - "description": "description", - "cluster_auth_endpoint": testLocalClusterAuthEndpointInterface, - "cluster_registration_token": testClusterRegistrationTokenInterface, - "default_pod_security_policy_template_id": "default_pod_security_policy_template_id", + "id": "id", + "name": "test", + "agent_env_vars": testClusterEnvVarsInterface, + "cluster_agent_deployment_customization": testClusterAgentDeploymentCustomizationInterface, + "fleet_agent_deployment_customization": testClusterAgentDeploymentCustomizationInterface, + "default_project_id": "default_project_id", + "description": "description", + "cluster_auth_endpoint": testLocalClusterAuthEndpointInterface, + "cluster_registration_token": testClusterRegistrationTokenInterface, "default_pod_security_admission_configuration_template_name": "default_pod_security_admission_configuration_template_name", "enable_network_policy": true, "kube_config": "kube_config", 
@@ -349,7 +343,6 @@ func testCluster() { testClusterConfGKE.Description = "description" testClusterConfGKE.Driver = clusterDriverGKE testClusterConfGKE.AgentEnvVars = testClusterEnvVarsConf - testClusterConfGKE.DefaultPodSecurityPolicyTemplateID = "default_pod_security_policy_template_id" testClusterConfGKE.DefaultPodSecurityAdmissionConfigurationTemplateName = "default_pod_security_admission_configuration_template_name" testClusterConfGKE.EnableNetworkPolicy = newTrue() testClusterConfGKE.LocalClusterAuthEndpoint = testLocalClusterAuthEndpointConf @@ -361,13 +354,12 @@ func testCluster() { "description": "description", "cluster_auth_endpoint": testLocalClusterAuthEndpointInterface, "cluster_registration_token": testClusterRegistrationTokenInterface, - "default_pod_security_policy_template_id": "default_pod_security_policy_template_id", "default_pod_security_admission_configuration_template_name": "default_pod_security_admission_configuration_template_name", - "enable_network_policy": true, - "kube_config": "kube_config", - "driver": clusterDriverGKE, - "gke_config": testClusterGKEConfigInterface, - "system_project_id": "system_project_id", + "enable_network_policy": true, + "kube_config": "kube_config", + "driver": clusterDriverGKE, + "gke_config": testClusterGKEConfigInterface, + "system_project_id": "system_project_id", } testClusterConfK3S = &Cluster{} testClusterConfK3S.Name = "test" @@ -375,7 +367,6 @@ func testCluster() { testClusterConfK3S.K3sConfig = testClusterK3SConfigConf testClusterConfK3S.Driver = clusterDriverK3S testClusterConfK3S.AgentEnvVars = testClusterEnvVarsConf - testClusterConfK3S.DefaultPodSecurityPolicyTemplateID = "default_pod_security_policy_template_id" testClusterConfK3S.DefaultPodSecurityAdmissionConfigurationTemplateName = "default_pod_security_admission_configuration_template_name" testClusterConfK3S.EnableNetworkPolicy = newTrue() testClusterConfK3S.LocalClusterAuthEndpoint = testLocalClusterAuthEndpointConf 
@@ -387,14 +378,13 @@ func testCluster() { "description": "description", "cluster_auth_endpoint": testLocalClusterAuthEndpointInterface, "cluster_registration_token": testClusterRegistrationTokenInterface, - "default_pod_security_policy_template_id": "default_pod_security_policy_template_id", "default_pod_security_admission_configuration_template_name": "default_pod_security_admission_configuration_template_name", - "enable_network_policy": true, - "kube_config": "kube_config", - "driver": clusterDriverK3S, - "k3s_config": testClusterK3SConfigInterface, - "system_project_id": "system_project_id", - "windows_prefered_cluster": false, + "enable_network_policy": true, + "kube_config": "kube_config", + "driver": clusterDriverK3S, + "k3s_config": testClusterK3SConfigInterface, + "system_project_id": "system_project_id", + "windows_prefered_cluster": false, } testClusterConfGKEV2 = &Cluster{} testClusterConfGKEV2.GKEConfig = testClusterGKEConfigV2Conf @@ -402,7 +392,6 @@ func testCluster() { testClusterConfGKEV2.Description = "description" testClusterConfGKEV2.Driver = clusterDriverGKEV2 testClusterConfGKEV2.AgentEnvVars = testClusterEnvVarsConf - testClusterConfGKEV2.DefaultPodSecurityPolicyTemplateID = "default_pod_security_policy_template_id" testClusterConfGKEV2.DefaultPodSecurityAdmissionConfigurationTemplateName = "default_pod_security_admission_configuration_template_name" testClusterConfGKEV2.EnableNetworkPolicy = newTrue() testClusterConfGKEV2.LocalClusterAuthEndpoint = testLocalClusterAuthEndpointConf 
@@ -414,13 +403,12 @@ func testCluster() { "description": "description", "cluster_auth_endpoint": testLocalClusterAuthEndpointInterface, "cluster_registration_token": testClusterRegistrationTokenInterface, - "default_pod_security_policy_template_id": "default_pod_security_policy_template_id", "default_pod_security_admission_configuration_template_name": "default_pod_security_admission_configuration_template_name", - "enable_network_policy": true, - "kube_config": "kube_config", - "driver": clusterDriverGKEV2, - "gke_config_v2": testClusterGKEConfigV2Interface, - "system_project_id": "system_project_id", + "enable_network_policy": true, + "kube_config": "kube_config", + "driver": clusterDriverGKEV2, + "gke_config_v2": testClusterGKEConfigV2Interface, + "system_project_id": "system_project_id", } testClusterConfOKE = &Cluster{ OracleKubernetesEngineConfig: testClusterOKEConfigConf, @@ -429,7 +417,6 @@ func testCluster() { testClusterConfOKE.Description = "description" testClusterConfOKE.Driver = clusterOKEKind testClusterConfOKE.AgentEnvVars = testClusterEnvVarsConf - testClusterConfOKE.DefaultPodSecurityPolicyTemplateID = "default_pod_security_policy_template_id" testClusterConfOKE.DefaultPodSecurityAdmissionConfigurationTemplateName = "default_pod_security_admission_configuration_template_name" testClusterConfOKE.EnableNetworkPolicy = newTrue() testClusterConfOKE.LocalClusterAuthEndpoint = testLocalClusterAuthEndpointConf 
@@ -441,13 +428,12 @@ func testCluster() { "description": "description", "cluster_auth_endpoint": testLocalClusterAuthEndpointInterface, "cluster_registration_token": testClusterRegistrationTokenInterface, - "default_pod_security_policy_template_id": "default_pod_security_policy_template_id", "default_pod_security_admission_configuration_template_name": "default_pod_security_admission_configuration_template_name", - "enable_network_policy": true, - "kube_config": "kube_config", - "driver": clusterOKEKind, - "oke_config": testClusterOKEConfigInterface, - "system_project_id": "system_project_id", + "enable_network_policy": true, + "kube_config": "kube_config", + "driver": clusterOKEKind, + "oke_config": testClusterOKEConfigInterface, + "system_project_id": "system_project_id", } testClusterConfRKE = &Cluster{} testClusterConfRKE.Name = "test" 
@@ -457,22 +443,20 @@ func testCluster() { testClusterConfRKE.AgentEnvVars = testClusterEnvVarsConf testClusterConfRKE.ClusterAgentDeploymentCustomization = testClusterAgentDeploymentCustomizationConf testClusterConfRKE.FleetAgentDeploymentCustomization = testClusterAgentDeploymentCustomizationConf - testClusterConfRKE.DefaultPodSecurityPolicyTemplateID = "default_pod_security_policy_template_id" testClusterConfRKE.DefaultPodSecurityAdmissionConfigurationTemplateName = "default_pod_security_admission_configuration_template_name" testClusterConfRKE.FleetWorkspaceName = "fleet-test" testClusterConfRKE.EnableNetworkPolicy = newTrue() testClusterConfRKE.LocalClusterAuthEndpoint = testLocalClusterAuthEndpointConf testClusterInterfaceRKE = map[string]interface{}{ - "id": "id", - "name": "test", - "agent_env_vars": testClusterEnvVarsInterface, - "cluster_agent_deployment_customization": testClusterAgentDeploymentCustomizationInterface, - "fleet_agent_deployment_customization": testClusterAgentDeploymentCustomizationInterface, - "default_project_id": "default_project_id", - "description": "description", - "cluster_auth_endpoint": testLocalClusterAuthEndpointInterface, - "cluster_registration_token": testClusterRegistrationTokenInterface, - "default_pod_security_policy_template_id": "default_pod_security_policy_template_id", + "id": "id", + "name": "test", + "agent_env_vars": testClusterEnvVarsInterface, + "cluster_agent_deployment_customization": testClusterAgentDeploymentCustomizationInterface, + "fleet_agent_deployment_customization": testClusterAgentDeploymentCustomizationInterface, + "default_project_id": "default_project_id", + "description": "description", + "cluster_auth_endpoint": testLocalClusterAuthEndpointInterface, + "cluster_registration_token": testClusterRegistrationTokenInterface, "default_pod_security_admission_configuration_template_name": "default_pod_security_admission_configuration_template_name", "enable_network_policy": true, "fleet_workspace_name": 
"fleet-test", @@ -490,21 +474,19 @@ func testCluster() { testClusterConfRKE2.AgentEnvVars = testClusterEnvVarsConf testClusterConfRKE2.ClusterAgentDeploymentCustomization = testClusterAgentDeploymentCustomizationConf testClusterConfRKE2.FleetAgentDeploymentCustomization = testClusterAgentDeploymentCustomizationConf - testClusterConfRKE2.DefaultPodSecurityPolicyTemplateID = "default_pod_security_policy_template_id" testClusterConfRKE2.DefaultPodSecurityAdmissionConfigurationTemplateName = "default_pod_security_admission_configuration_template_name" testClusterConfRKE2.EnableNetworkPolicy = newTrue() testClusterConfRKE2.LocalClusterAuthEndpoint = testLocalClusterAuthEndpointConf testClusterInterfaceRKE2 = map[string]interface{}{ - "id": "id", - "name": "test", - "agent_env_vars": testClusterEnvVarsInterface, - "cluster_agent_deployment_customization": testClusterAgentDeploymentCustomizationInterface, - "fleet_agent_deployment_customization": testClusterAgentDeploymentCustomizationInterface, - "default_project_id": "default_project_id", - "description": "description", - "cluster_auth_endpoint": testLocalClusterAuthEndpointInterface, - "cluster_registration_token": testClusterRegistrationTokenInterface, - "default_pod_security_policy_template_id": "default_pod_security_policy_template_id", + "id": "id", + "name": "test", + "agent_env_vars": testClusterEnvVarsInterface, + "cluster_agent_deployment_customization": testClusterAgentDeploymentCustomizationInterface, + "fleet_agent_deployment_customization": testClusterAgentDeploymentCustomizationInterface, + "default_project_id": "default_project_id", + "description": "description", + "cluster_auth_endpoint": testLocalClusterAuthEndpointInterface, + "cluster_registration_token": testClusterRegistrationTokenInterface, "default_pod_security_admission_configuration_template_name": "default_pod_security_admission_configuration_template_name", "enable_network_policy": true, "kube_config": "kube_config", 
@@ -522,7 +504,6 @@ func testCluster() { testClusterConfTemplate.ClusterTemplateRevisionID = "cluster_template_revision_id" testClusterConfTemplate.Driver = clusterDriverRKE testClusterConfTemplate.AgentEnvVars = testClusterEnvVarsConf - testClusterConfTemplate.DefaultPodSecurityPolicyTemplateID = "default_pod_security_policy_template_id" testClusterConfTemplate.DefaultPodSecurityAdmissionConfigurationTemplateName = "default_pod_security_admission_configuration_template_name" testClusterConfTemplate.EnableNetworkPolicy = newTrue() testClusterConfTemplate.LocalClusterAuthEndpoint = testLocalClusterAuthEndpointConf @@ -534,18 +515,17 @@ func testCluster() { "description": "description", "cluster_auth_endpoint": testLocalClusterAuthEndpointInterface, "cluster_registration_token": testClusterRegistrationTokenInterface, - "default_pod_security_policy_template_id": "default_pod_security_policy_template_id", "default_pod_security_admission_configuration_template_name": "default_pod_security_admission_configuration_template_name", - "enable_network_policy": true, - "kube_config": "kube_config", - "driver": clusterDriverRKE, - "cluster_template_answers": testClusterAnswersInterface, - "cluster_template_id": "cluster_template_id", - "cluster_template_questions": testClusterQuestionsInterface, - "cluster_template_revision_id": "cluster_template_revision_id", - "rke_config": []interface{}{}, - "system_project_id": "system_project_id", - "windows_prefered_cluster": false, + "enable_network_policy": true, + "kube_config": "kube_config", + "driver": clusterDriverRKE, + "cluster_template_answers": testClusterAnswersInterface, + "cluster_template_id": "cluster_template_id", + "cluster_template_questions": testClusterQuestionsInterface, + "cluster_template_revision_id": "cluster_template_revision_id", + "rke_config": []interface{}{}, + "system_project_id": "system_project_id", + "windows_prefered_cluster": false, } } 
@@ -637,7 +617,7 @@ func TestFlattenCluster(t *testing.T) { for _, tc := range cases { output := schema.TestResourceDataRaw(t, clusterFields(), map[string]interface{}{}) tc.InputToken.ID = "id" - err := flattenCluster(output, tc.Input, tc.InputToken, tc.InputKube, tc.ExpectedOutput["default_project_id"].(string), tc.ExpectedOutput["system_project_id"].(string), nil) + err := flattenCluster(output, tc.Input, tc.InputToken, tc.InputKube, tc.ExpectedOutput["default_project_id"].(string), tc.ExpectedOutput["system_project_id"].(string)) if err != nil { assert.FailNow(t, "[ERROR] on flattener: %#v", err) } @@ -786,7 +766,7 @@ func TestFlattenClusterWithPreservedClusterTemplateAnswers(t *testing.T) { }, }) tc.InputToken.ID = "id" - err := flattenCluster(output, tc.Input, tc.InputToken, tc.InputKube, tc.ExpectedOutput["default_project_id"].(string), tc.ExpectedOutput["system_project_id"].(string), nil) + err := flattenCluster(output, tc.Input, tc.InputToken, tc.InputKube, tc.ExpectedOutput["default_project_id"].(string), tc.ExpectedOutput["system_project_id"].(string)) if err != nil { assert.FailNow(t, "[ERROR] on flattener: %#v", err) } diff --git a/rancher2/structure_cluster_v2.go b/rancher2/structure_cluster_v2.go index 41cc36c0..3444e33d 100644 --- a/rancher2/structure_cluster_v2.go +++ b/rancher2/structure_cluster_v2.go @@ -65,9 +65,6 @@ func flattenClusterV2(d *schema.ResourceData, in *ClusterV2) error { if in.Spec.FleetAgentDeploymentCustomization != nil { d.Set("fleet_agent_deployment_customization", flattenAgentDeploymentCustomizationV2(in.Spec.FleetAgentDeploymentCustomization)) } - if len(in.Spec.DefaultPodSecurityPolicyTemplateName) > 0 { - d.Set("default_pod_security_policy_template_name", in.Spec.DefaultPodSecurityPolicyTemplateName) - } if len(in.Spec.DefaultPodSecurityAdmissionConfigurationTemplateName) > 0 { d.Set("default_pod_security_admission_configuration_template_name", in.Spec.DefaultPodSecurityAdmissionConfigurationTemplateName) } 
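Review bot: The `flattenCluster` calls in TestFlattenCluster and TestFlattenClusterWithPreservedClusterTemplateAnswers drop their trailing `nil` argument, but no hunk of rancher2/structure_cluster.go in this diff touches the function's signature; its first hunk starts at line 100 on both sides, inside the body. Unless that last parameter is variadic, either the parameter was removed in an earlier commit and these tests did not compile until now, or it is still declared and they stop compiling with this change. I would gate the commit on `go vet ./rancher2/` and `go test ./rancher2/ -run TestFlattenCluster` so the call sites and the declaration are known to agree. Both test bodies continue outside their hunks.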
@@ -142,9 +139,6 @@ func expandClusterV2(in *schema.ResourceData) (*ClusterV2, error) { if v, ok := in.Get("cloud_credential_secret_name").(string); ok && len(v) > 0 { obj.Spec.CloudCredentialSecretName = v } - if v, ok := in.Get("default_pod_security_policy_template_name").(string); ok && len(v) > 0 { - obj.Spec.DefaultPodSecurityPolicyTemplateName = v - } if v, ok := in.Get("default_pod_security_admission_configuration_template_name").(string); ok && len(v) > 0 { obj.Spec.DefaultPodSecurityAdmissionConfigurationTemplateName = v } diff --git a/rancher2/structure_cluster_v2_test.go b/rancher2/structure_cluster_v2_test.go index 72974241..3988ce42 100644 --- a/rancher2/structure_cluster_v2_test.go +++ b/rancher2/structure_cluster_v2_test.go @@ -61,7 +61,6 @@ func init() { testClusterV2Conf.Spec.RKEConfig = testClusterV2RKEConfigConf testClusterV2Conf.Spec.AgentEnvVars = testClusterV2EnvVarConf testClusterV2Conf.Spec.CloudCredentialSecretName = "cloud_credential_secret_name" - testClusterV2Conf.Spec.DefaultPodSecurityPolicyTemplateName = "default_pod_security_policy_template_name" testClusterV2Conf.Spec.DefaultPodSecurityAdmissionConfigurationTemplateName = "default_pod_security_admission_configuration_template_name" testClusterV2Conf.Spec.DefaultClusterRoleForProjectMembers = "default_cluster_role_for_project_members" testClusterV2Conf.Spec.EnableNetworkPolicy = newTrue() 
@@ -153,16 +152,15 @@ func init() { } testClusterV2Interface = map[string]interface{}{ - "name": "name", - "fleet_namespace": "fleet_namespace", - "kubernetes_version": "kubernetes_version", - "local_auth_endpoint": testClusterV2LocalAuthEndpointInterface, - "rke_config": testClusterV2RKEConfigInterface, - "agent_env_vars": testClusterV2EnvVarInterface, - "cluster_agent_deployment_customization": testClusterV2AgentCustomizationInterface, - "fleet_agent_deployment_customization": testClusterV2AgentCustomizationInterface, - "cloud_credential_secret_name": "cloud_credential_secret_name", - "default_pod_security_policy_template_name": "default_pod_security_policy_template_name", + "name": "name", + "fleet_namespace": "fleet_namespace", + "kubernetes_version": "kubernetes_version", + "local_auth_endpoint": testClusterV2LocalAuthEndpointInterface, + "rke_config": testClusterV2RKEConfigInterface, + "agent_env_vars": testClusterV2EnvVarInterface, + "cluster_agent_deployment_customization": testClusterV2AgentCustomizationInterface, + "fleet_agent_deployment_customization": testClusterV2AgentCustomizationInterface, + "cloud_credential_secret_name": "cloud_credential_secret_name", "default_pod_security_admission_configuration_template_name": "default_pod_security_admission_configuration_template_name", "default_cluster_role_for_project_members": "default_cluster_role_for_project_members", "enable_network_policy": true, diff --git a/rancher2/structure_pod_security_policy_allowed_csi_drivers.go b/rancher2/structure_pod_security_policy_allowed_csi_drivers.go deleted file mode 100644 index 0f34b405..00000000 --- a/rancher2/structure_pod_security_policy_allowed_csi_drivers.go +++ /dev/null 
@@ -1,47 +0,0 @@ -package rancher2 - -import ( - managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3" -) - -// Flatteners - -func flattenPodSecurityPolicyAllowedCSIDrivers(in []managementClient.AllowedCSIDriver) []interface{} { - - if len(in) == 0 { - return []interface{}{} - } - - out := make([]interface{}, len(in)) - - for i, v := range in { - obj := make(map[string]interface{}) - - obj["name"] = v.Name - - out[i] = obj - } - - return out -} - -// Expanders - -func expandPodSecurityPolicyAllowedCSIDrivers(in []interface{}) []managementClient.AllowedCSIDriver { - - if len(in) == 0 || in[0] == nil { - return []managementClient.AllowedCSIDriver{} - } - - obj := make([]managementClient.AllowedCSIDriver, len(in)) - - for i, v := range in { - if m, ok := v.(map[string]interface{}); ok { - obj[i] = managementClient.AllowedCSIDriver{ - Name: m["name"].(string), - } - } - } - - return obj -} diff --git a/rancher2/structure_pod_security_policy_allowed_csi_drivers_test.go b/rancher2/structure_pod_security_policy_allowed_csi_drivers_test.go deleted file mode 100644 index 799bd9c8..00000000 --- a/rancher2/structure_pod_security_policy_allowed_csi_drivers_test.go +++ /dev/null 
@@ -1,74 +0,0 @@
-package rancher2
-
-import (
- "testing"
-
- managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3"
- "github.com/stretchr/testify/assert"
-)
-
-var (
- testPodSecurityPolicyAllowedCSIDriversConf []managementClient.AllowedCSIDriver
- testPodSecurityPolicyAllowedCSIDriversInterface []interface{}
- testEmptyPodSecurityPolicyAllowedCSIDriversConf []managementClient.AllowedCSIDriver
- testEmptyPodSecurityPolicyAllowedCSIDriversInterface []interface{}
-)
-
-func init() {
- testPodSecurityPolicyAllowedCSIDriversConf = []managementClient.AllowedCSIDriver{
- {
- Name: "foo",
- },
- {
- Name: "bar",
- },
- }
- testPodSecurityPolicyAllowedCSIDriversInterface = []interface{}{
- map[string]interface{}{
- "name": "foo",
- },
- map[string]interface{}{
- "name": "bar",
- },
- }
- testEmptyPodSecurityPolicyAllowedCSIDriversInterface = []interface{}{}
-}
-
-func TestFlattenPodSecurityPolicyAllowedCSIDrivers(t *testing.T) {
-
- cases := []struct {
- Input []managementClient.AllowedCSIDriver
- ExpectedOutput []interface{}
- }{
- {
- testPodSecurityPolicyAllowedCSIDriversConf,
- testPodSecurityPolicyAllowedCSIDriversInterface,
- },
- {
- testEmptyPodSecurityPolicyAllowedCSIDriversConf,
- testEmptyPodSecurityPolicyAllowedCSIDriversInterface,
- },
- }
-
- for _, tc := range cases {
- output := flattenPodSecurityPolicyAllowedCSIDrivers(tc.Input)
- assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from flattener.")
- }
-}
-
-func TestExpandPodSecurityPolicyAllowedCSIDrivers(t *testing.T) {
-
- cases := []struct {
- Input []interface{}
- ExpectedOutput []managementClient.AllowedCSIDriver
- }{
- {
- testPodSecurityPolicyAllowedCSIDriversInterface,
- testPodSecurityPolicyAllowedCSIDriversConf,
- },
- }
- for _, tc := range cases {
- output := expandPodSecurityPolicyAllowedCSIDrivers(tc.Input)
- assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from expander.")
- }
-}
diff --git a/rancher2/structure_pod_security_policy_allowed_flex_volumes.go b/rancher2/structure_pod_security_policy_allowed_flex_volumes.go
deleted file mode 100644
index 29ecd49d..00000000
--- a/rancher2/structure_pod_security_policy_allowed_flex_volumes.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package rancher2
-
-import (
- managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3"
-)
-
-// Flatteners
-
-func flattenPodSecurityPolicyAllowedFlexVolumes(in []managementClient.AllowedFlexVolume) []interface{} {
-
- if len(in) == 0 {
- return []interface{}{}
- }
-
- out := make([]interface{}, len(in))
-
- for i, v := range in {
- obj := make(map[string]interface{})
-
- obj["driver"] = v.Driver
-
- out[i] = obj
- }
-
- return out
-}
-
-// Expanders
-
-func expandPodSecurityPolicyAllowedFlexVolumes(in []interface{}) []managementClient.AllowedFlexVolume {
-
- if len(in) == 0 || in[0] == nil {
- return []managementClient.AllowedFlexVolume{}
- }
-
- obj := make([]managementClient.AllowedFlexVolume, len(in))
-
- for i, v := range in {
- if m, ok := v.(map[string]interface{}); ok {
- obj[i] = managementClient.AllowedFlexVolume{
- Driver: m["driver"].(string),
- }
- }
- }
-
- return obj
-}
diff --git a/rancher2/structure_pod_security_policy_allowed_flex_volumes_test.go b/rancher2/structure_pod_security_policy_allowed_flex_volumes_test.go
deleted file mode 100644
index 3f2dc7fd..00000000
--- a/rancher2/structure_pod_security_policy_allowed_flex_volumes_test.go
+++ /dev/null
@@ -1,74 +0,0 @@
-package rancher2
-
-import (
- "testing"
-
- managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3"
- "github.com/stretchr/testify/assert"
-)
-
-var (
- testPodSecurityPolicyAllowedFlexVolumesConf []managementClient.AllowedFlexVolume
- testPodSecurityPolicyAllowedFlexVolumesInterface []interface{}
- testEmptyPodSecurityPolicyAllowedFlexVolumesConf []managementClient.AllowedFlexVolume
- testEmptyPodSecurityPolicyAllowedFlexVolumesInterface []interface{}
-)
-
-func init() {
- testPodSecurityPolicyAllowedFlexVolumesConf = []managementClient.AllowedFlexVolume{
- {
- Driver: "foo",
- },
- {
- Driver: "bar",
- },
- }
- testPodSecurityPolicyAllowedFlexVolumesInterface = []interface{}{
- map[string]interface{}{
- "driver": "foo",
- },
- map[string]interface{}{
- "driver": "bar",
- },
- }
- testEmptyPodSecurityPolicyAllowedFlexVolumesInterface = []interface{}{}
-}
-
-func TestFlattenPodSecurityPolicyAllowedFlexVolumes(t *testing.T) {
-
- cases := []struct {
- Input []managementClient.AllowedFlexVolume
- ExpectedOutput []interface{}
- }{
- {
- testPodSecurityPolicyAllowedFlexVolumesConf,
- testPodSecurityPolicyAllowedFlexVolumesInterface,
- },
- {
- testEmptyPodSecurityPolicyAllowedFlexVolumesConf,
- testEmptyPodSecurityPolicyAllowedFlexVolumesInterface,
- },
- }
-
- for _, tc := range cases {
- output := flattenPodSecurityPolicyAllowedFlexVolumes(tc.Input)
- assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from flattener.")
- }
-}
-
-func TestExpandPodSecurityPolicyAllowedFlexVolumes(t *testing.T) {
-
- cases := []struct {
- Input []interface{}
- ExpectedOutput []managementClient.AllowedFlexVolume
- }{
- {
- testPodSecurityPolicyAllowedFlexVolumesInterface,
- testPodSecurityPolicyAllowedFlexVolumesConf,
- },
- }
- for _, tc := range cases {
- output := expandPodSecurityPolicyAllowedFlexVolumes(tc.Input)
- assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from expander.")
- }
-}
diff --git a/rancher2/structure_pod_security_policy_allowed_host_paths.go b/rancher2/structure_pod_security_policy_allowed_host_paths.go
deleted file mode 100644
index e2492c46..00000000
--- a/rancher2/structure_pod_security_policy_allowed_host_paths.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package rancher2
-
-import (
- managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3"
-)
-
-// Flatteners
-
-func flattenPodSecurityPolicyAllowedHostPaths(in []managementClient.AllowedHostPath) []interface{} {
-
- if len(in) == 0 {
- return []interface{}{}
- }
-
- out := make([]interface{}, len(in))
-
- for i, v := range in {
- obj := make(map[string]interface{})
-
- obj["path_prefix"] = v.PathPrefix
- obj["read_only"] = v.ReadOnly
-
- out[i] = obj
- }
-
- return out
-}
-
-// Expanders
-
-func expandPodSecurityPolicyAllowedHostPaths(in []interface{}) []managementClient.AllowedHostPath {
-
- if len(in) == 0 || in[0] == nil {
- return []managementClient.AllowedHostPath{}
- }
-
- obj := make([]managementClient.AllowedHostPath, len(in))
-
- for i, v := range in {
- if m, ok := v.(map[string]interface{}); ok {
- hp := managementClient.AllowedHostPath{
- PathPrefix: m["path_prefix"].(string),
- }
-
- if ro, ok := m["read_only"].(bool); ok {
- hp.ReadOnly = ro
- }
-
- obj[i] = hp
- }
- }
-
- return obj
-}
diff --git a/rancher2/structure_pod_security_policy_allowed_host_paths_test.go b/rancher2/structure_pod_security_policy_allowed_host_paths_test.go
deleted file mode 100644
index 5ebbed7d..00000000
--- a/rancher2/structure_pod_security_policy_allowed_host_paths_test.go
+++ /dev/null
@@ -1,77 +0,0 @@ -package rancher2 - -import ( - "testing" - - managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3" - "github.com/stretchr/testify/assert" -) - -var ( - testPodSecurityPolicyAllowedHostPathsConf []managementClient.AllowedHostPath - testPodSecurityPolicyAllowedHostPathsInterface []interface{} - testEmptyPodSecurityPolicyAllowedHostPathsConf []managementClient.AllowedHostPath - testEmptyPodSecurityPolicyAllowedHostPathsInterface []interface{} -) - -func init() { - testPodSecurityPolicyAllowedHostPathsConf = []managementClient.AllowedHostPath{ - { - PathPrefix: "/var/lib", - ReadOnly: true, - }, - { - PathPrefix: "/tmp", - }, - } - testPodSecurityPolicyAllowedHostPathsInterface = []interface{}{ - map[string]interface{}{ - "path_prefix": "/var/lib", - "read_only": true, - }, - map[string]interface{}{ - "path_prefix": "/tmp", - "read_only": false, - }, - } - testEmptyPodSecurityPolicyAllowedHostPathsInterface = []interface{}{} -} - -func TestFlattenPodSecurityPolicyAllowedHostPaths(t *testing.T) { - - cases := []struct { - Input []managementClient.AllowedHostPath - ExpectedOutput []interface{} - }{ - { - testPodSecurityPolicyAllowedHostPathsConf, - testPodSecurityPolicyAllowedHostPathsInterface, - }, - { - testEmptyPodSecurityPolicyAllowedHostPathsConf, - testEmptyPodSecurityPolicyAllowedHostPathsInterface, - }, - } - - for _, tc := range cases { - output := flattenPodSecurityPolicyAllowedHostPaths(tc.Input) - assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from flattener.") - } -} - -func TestExpandPodSecurityPolicyAllowedHostPaths(t *testing.T) { - - cases := []struct { - Input []interface{} - ExpectedOutput []managementClient.AllowedHostPath - }{ - { - testPodSecurityPolicyAllowedHostPathsInterface, - testPodSecurityPolicyAllowedHostPathsConf, - }, - } - for _, tc := range cases { - output := expandPodSecurityPolicyAllowedHostPaths(tc.Input) - assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from 
expander.") - } -} diff --git a/rancher2/structure_pod_security_policy_fs_group.go b/rancher2/structure_pod_security_policy_fs_group.go deleted file mode 100644 index c2ae6d4b..00000000 --- a/rancher2/structure_pod_security_policy_fs_group.go +++ /dev/null @@ -1,48 +0,0 @@ -package rancher2 - -import ( - managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3" -) - -// Flatteners - -func flattenPodSecurityPolicyFSGroup(in *managementClient.FSGroupStrategyOptions) []interface{} { - - if in == nil { - return []interface{}{} - } - - obj := make(map[string]interface{}) - - if len(in.Rule) > 0 { - obj["rule"] = in.Rule - } - if len(in.Ranges) > 0 { - obj["range"] = flattenPodSecurityPolicyIDRanges(in.Ranges) - } - - return []interface{}{obj} -} - -// Expanders - -func expandPodSecurityPolicyFSGroup(in []interface{}) *managementClient.FSGroupStrategyOptions { - - obj := &managementClient.FSGroupStrategyOptions{} - - if len(in) == 0 || in[0] == nil { - return obj - } - - m := in[0].(map[string]interface{}) - - if v, ok := m["rule"].(string); ok { - obj.Rule = v - } - - if v, ok := m["range"].([]interface{}); ok && len(v) > 0 { - obj.Ranges = expandPodSecurityPolicyIDRanges(v) - } - - return obj -} diff --git a/rancher2/structure_pod_security_policy_fs_group_test.go b/rancher2/structure_pod_security_policy_fs_group_test.go deleted file mode 100644 index e9a9df35..00000000 --- a/rancher2/structure_pod_security_policy_fs_group_test.go +++ /dev/null 
@@ -1,91 +0,0 @@ -package rancher2 - -import ( - "testing" - - managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3" - "github.com/stretchr/testify/assert" -) - -var ( - testPodSecurityPolicyFSGroupConf *managementClient.FSGroupStrategyOptions - testPodSecurityPolicyFSGroupInterface []interface{} - testPodSecurityPolicyFSGroupIDRangesConf []managementClient.IDRange - testPodSecurityPolicyFSGroupIDRangesInterface []interface{} - testNilPodSecurityPolicyFSGroupConf *managementClient.FSGroupStrategyOptions - testEmptyPodSecurityPolicyFSGroupInterface []interface{} -) - -func init() { - testPodSecurityPolicyFSGroupIDRangesConf = []managementClient.IDRange{ - { - Min: int64(1), - Max: int64(3000), - }, - { - Min: int64(0), - Max: int64(5000), - }, - } - testPodSecurityPolicyFSGroupIDRangesInterface = []interface{}{ - map[string]interface{}{ - "min": 1, - "max": 3000, - }, - map[string]interface{}{ - "min": 0, - "max": 5000, - }, - } - testPodSecurityPolicyFSGroupConf = &managementClient.FSGroupStrategyOptions{ - Rule: "RunAsAny", - Ranges: testPodSecurityPolicyFSGroupIDRangesConf, - } - testPodSecurityPolicyFSGroupInterface = []interface{}{ - map[string]interface{}{ - "rule": "RunAsAny", - "range": testPodSecurityPolicyFSGroupIDRangesInterface, - }, - } - testEmptyPodSecurityPolicyFSGroupInterface = []interface{}{} -} - -func TestFlattenPodSecurityPolicyFSGroup(t *testing.T) { - - cases := []struct { - Input *managementClient.FSGroupStrategyOptions - ExpectedOutput []interface{} - }{ - { - testPodSecurityPolicyFSGroupConf, - testPodSecurityPolicyFSGroupInterface, - }, - { - testNilPodSecurityPolicyFSGroupConf, - testEmptyPodSecurityPolicyFSGroupInterface, - }, - } - - for _, tc := range cases { - output := flattenPodSecurityPolicyFSGroup(tc.Input) - assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from flattener.") - } -} - -func TestExpandPodSecurityPolicyFSGroup(t *testing.T) { - - cases := []struct { - Input []interface{} - 
ExpectedOutput *managementClient.FSGroupStrategyOptions - }{ - { - testPodSecurityPolicyFSGroupInterface, - testPodSecurityPolicyFSGroupConf, - }, - } - - for _, tc := range cases { - output := expandPodSecurityPolicyFSGroup(tc.Input) - assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from expander.") - } -} diff --git a/rancher2/structure_pod_security_policy_host_port_range.go b/rancher2/structure_pod_security_policy_host_port_range.go deleted file mode 100644 index 71dc808b..00000000 --- a/rancher2/structure_pod_security_policy_host_port_range.go +++ /dev/null @@ -1,49 +0,0 @@ -package rancher2 - -import ( - managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3" -) - -// Flatteners - -func flattenPodSecurityPolicyHostPortRanges(in []managementClient.HostPortRange) []interface{} { - - if len(in) == 0 { - return []interface{}{} - } - - out := make([]interface{}, len(in)) - - for i, v := range in { - out[i] = map[string]interface{}{ - "min": int(v.Min), - "max": int(v.Max), - } - } - - return out - -} - -// Expanders - -func expandPodSecurityPolicyHostPortRanges(in []interface{}) []managementClient.HostPortRange { - - if len(in) == 0 || in[0] == nil { - return []managementClient.HostPortRange{} - } - - obj := make([]managementClient.HostPortRange, len(in)) - - for i, v := range in { - if m, ok := v.(map[string]interface{}); ok { - obj[i] = managementClient.HostPortRange{ - Min: int64(m["min"].(int)), - Max: int64(m["max"].(int)), - } - } - } - - return obj - -} diff --git a/rancher2/structure_pod_security_policy_host_port_range_test.go b/rancher2/structure_pod_security_policy_host_port_range_test.go deleted file mode 100644 index 4f369fc0..00000000 --- a/rancher2/structure_pod_security_policy_host_port_range_test.go +++ /dev/null 
@@ -1,78 +0,0 @@
-package rancher2
-
-import (
- "testing"
-
- managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3"
- "github.com/stretchr/testify/assert"
-)
-
-var (
- testPodSecurityPolicyHostPortRangesConf []managementClient.HostPortRange
- testPodSecurityPolicyHostPortRangesInterface []interface{}
- testEmptyPodSecurityPolicyHostPortRangesConf []managementClient.HostPortRange
- testEmptyPodSecurityPolicyHostPortRangesInterface []interface{}
-)
-
-func init() {
- testPodSecurityPolicyHostPortRangesConf = []managementClient.HostPortRange{
- {
- Min: 1,
- Max: 3000,
- },
- {
- Min: 2,
- Max: 4000,
- },
- }
- testPodSecurityPolicyHostPortRangesInterface = []interface{}{
- map[string]interface{}{
- "min": 1,
- "max": 3000,
- },
- map[string]interface{}{
- "min": 2,
- "max": 4000,
- },
- }
- testEmptyPodSecurityPolicyHostPortRangesInterface = []interface{}{}
-}
-
-func TestFlattenPodSecurityPolicyHostPortRanges(t *testing.T) {
-
- cases := []struct {
- Input []managementClient.HostPortRange
- ExpectedOutput []interface{}
- }{
- {
- testPodSecurityPolicyHostPortRangesConf,
- testPodSecurityPolicyHostPortRangesInterface,
- },
- {
- testEmptyPodSecurityPolicyHostPortRangesConf,
- testEmptyPodSecurityPolicyHostPortRangesInterface,
- },
- }
-
- for _, tc := range cases {
- output := flattenPodSecurityPolicyHostPortRanges(tc.Input)
- assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from flattener.")
- }
-}
-
-func TestExpandPodSecurityPolicyHostPortRanges(t *testing.T) {
-
- cases := []struct {
- Input []interface{}
- ExpectedOutput []managementClient.HostPortRange
- }{
- {
- testPodSecurityPolicyHostPortRangesInterface,
- testPodSecurityPolicyHostPortRangesConf,
- },
- }
- for _, tc := range cases {
- output := expandPodSecurityPolicyHostPortRanges(tc.Input)
- assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from expander.")
- }
-}
diff --git a/rancher2/structure_pod_security_policy_id_ranges.go b/rancher2/structure_pod_security_policy_id_ranges.go
deleted file mode 100644
index a9a5fd78..00000000
--- a/rancher2/structure_pod_security_policy_id_ranges.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package rancher2
-
-import (
- managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3"
-)
-
-// Flatteners
-
-func flattenPodSecurityPolicyIDRanges(in []managementClient.IDRange) []interface{} {
-
- if len(in) == 0 {
- return []interface{}{}
- }
-
- out := make([]interface{}, len(in))
-
- for i, v := range in {
- out[i] = map[string]interface{}{
- "min": int(v.Min),
- "max": int(v.Max),
- }
- }
-
- return out
-}
-
-// Expanders
-
-func expandPodSecurityPolicyIDRanges(in []interface{}) []managementClient.IDRange {
-
- if len(in) == 0 || in[0] == nil {
- return []managementClient.IDRange{}
- }
-
- obj := make([]managementClient.IDRange, len(in))
-
- for i, v := range in {
- if m, ok := v.(map[string]interface{}); ok {
- obj[i] = managementClient.IDRange{
- Min: int64(m["min"].(int)),
- Max: int64(m["max"].(int)),
- }
- }
- }
-
- return obj
-}
diff --git a/rancher2/structure_pod_security_policy_id_ranges_test.go b/rancher2/structure_pod_security_policy_id_ranges_test.go
deleted file mode 100644
index 5ac74fa3..00000000
--- a/rancher2/structure_pod_security_policy_id_ranges_test.go
+++ /dev/null
@@ -1,79 +0,0 @@
-package rancher2
-
-import (
- "testing"
-
- managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3"
- "github.com/stretchr/testify/assert"
-)
-
-var (
- testPodSecurityPolicyIDRangesConf []managementClient.IDRange
- testPodSecurityPolicyIDRangesInterface []interface{}
- testEmptyPodSecurityPolicyIDRangesConf []managementClient.IDRange
- testEmptyPodSecurityPolicyIDRangesInterface []interface{}
-)
-
-func init() {
- testPodSecurityPolicyIDRangesConf = []managementClient.IDRange{
- {
- Min: int64(1),
- Max: int64(3000),
- },
- {
- Min: int64(0),
- Max: int64(5000),
- },
- }
- testPodSecurityPolicyIDRangesInterface = []interface{}{
- map[string]interface{}{
- "min": 1,
- "max": 3000,
- },
- map[string]interface{}{
- "min": 0,
- "max": 5000,
- },
- }
- testEmptyPodSecurityPolicyIDRangesInterface = []interface{}{}
-}
-
-func TestFlattenPodSecurityPolicyIDRanges(t *testing.T) {
-
- cases := []struct {
- Input []managementClient.IDRange
- ExpectedOutput []interface{}
- }{
- {
- testPodSecurityPolicyIDRangesConf,
- testPodSecurityPolicyIDRangesInterface,
- },
- {
- testEmptyPodSecurityPolicyIDRangesConf,
- testEmptyPodSecurityPolicyIDRangesInterface,
- },
- }
-
- for _, tc := range cases {
- output := flattenPodSecurityPolicyIDRanges(tc.Input)
- assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from flattener.")
- }
-}
-
-func TestExpandPodSecurityPolicyIDRanges(t *testing.T) {
-
- cases := []struct {
- Input []interface{}
- ExpectedOutput []managementClient.IDRange
- }{
- {
- testPodSecurityPolicyIDRangesInterface,
- testPodSecurityPolicyIDRangesConf,
- },
- }
-
- for _, tc := range cases {
- output := expandPodSecurityPolicyIDRanges(tc.Input)
- assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from expander.")
- }
-}
diff --git a/rancher2/structure_pod_security_policy_run_as_group.go b/rancher2/structure_pod_security_policy_run_as_group.go
deleted file mode 100644
index 226f830a..00000000
--- a/rancher2/structure_pod_security_policy_run_as_group.go
+++ /dev/null
@@ -1,48 +0,0 @@
-package rancher2
-
-import (
- managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3"
-)
-
-// Flatteners
-
-func flattenPodSecurityPolicyRunAsGroup(in *managementClient.RunAsGroupStrategyOptions) []interface{} {
-
- if in == nil {
- return []interface{}{}
- }
-
- obj := make(map[string]interface{})
-
- if len(in.Rule) > 0 {
- obj["rule"] = in.Rule
- }
- if len(in.Ranges) > 0 {
- obj["range"] = flattenPodSecurityPolicyIDRanges(in.Ranges)
- }
-
- return []interface{}{obj}
-}
-
-// Expanders
-
-func expandPodSecurityPolicyRunAsGroup(in []interface{}) *managementClient.RunAsGroupStrategyOptions {
-
- obj := &managementClient.RunAsGroupStrategyOptions{}
-
- if len(in) == 0 || in[0] == nil {
- return obj
- }
-
- m := in[0].(map[string]interface{})
-
- if v, ok := m["rule"].(string); ok {
- obj.Rule = v
- }
-
- if v, ok := m["range"].([]interface{}); ok && len(v) > 0 {
- obj.Ranges = expandPodSecurityPolicyIDRanges(v)
- }
-
- return obj
-}
diff --git a/rancher2/structure_pod_security_policy_run_as_group_test.go b/rancher2/structure_pod_security_policy_run_as_group_test.go
deleted file mode 100644
index 95e84949..00000000
--- a/rancher2/structure_pod_security_policy_run_as_group_test.go
+++ /dev/null
@@ -1,68 +0,0 @@
-package rancher2
-
-import (
- "testing"
-
- managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3"
- "github.com/stretchr/testify/assert"
-)
-
-var (
- testPodSecurityPolicyRunAsGroupConf *managementClient.RunAsGroupStrategyOptions
- testPodSecurityPolicyRunAsGroupInterface []interface{}
- testNilPodSecurityPolicyRunAsGroupConf *managementClient.RunAsGroupStrategyOptions
- testEmptyPodSecurityPolicyRunAsGroupInterface []interface{}
-)
-
-func init() {
- testPodSecurityPolicyRunAsGroupConf = &managementClient.RunAsGroupStrategyOptions{
- Rule: "RunAsAny",
- Ranges: testPodSecurityPolicyIDRangesConf,
- }
- testPodSecurityPolicyRunAsGroupInterface = []interface{}{
- map[string]interface{}{
- "rule": "RunAsAny",
- "range": testPodSecurityPolicyIDRangesInterface,
- },
- }
- testEmptyPodSecurityPolicyRunAsGroupInterface = []interface{}{}
-}
-
-func TestFlattenPodSecurityPolicyRunAsGroup(t *testing.T) {
-
- cases := []struct {
- Input *managementClient.RunAsGroupStrategyOptions
- ExpectedOutput []interface{}
- }{
- {
- testPodSecurityPolicyRunAsGroupConf,
- testPodSecurityPolicyRunAsGroupInterface,
- },
- {
- testNilPodSecurityPolicyRunAsGroupConf,
- testEmptyPodSecurityPolicyRunAsGroupInterface,
- },
- }
- for _, tc := range cases {
- output := flattenPodSecurityPolicyRunAsGroup(tc.Input)
- assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from flattener.")
- }
-}
-
-func TestExpandPodSecurityPolicyRunAsGroup(t *testing.T) {
-
- cases := []struct {
- Input []interface{}
- ExpectedOutput *managementClient.RunAsGroupStrategyOptions
- }{
- {
- testPodSecurityPolicyRunAsGroupInterface,
- testPodSecurityPolicyRunAsGroupConf,
- },
- }
-
- for _, tc := range cases {
- output := expandPodSecurityPolicyRunAsGroup(tc.Input)
- assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from expander.")
- }
-}
diff --git a/rancher2/structure_pod_security_policy_run_as_user.go b/rancher2/structure_pod_security_policy_run_as_user.go
deleted file mode 100644
index 2b1e601a..00000000
--- a/rancher2/structure_pod_security_policy_run_as_user.go
+++ /dev/null
@@ -1,48 +0,0 @@
-package rancher2
-
-import (
- managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3"
-)
-
-// Flatteners
-
-func flattenPodSecurityPolicyRunAsUser(in *managementClient.RunAsUserStrategyOptions) []interface{} {
-
- if in == nil {
- return []interface{}{}
- }
-
- obj := make(map[string]interface{})
-
- if len(in.Rule) > 0 {
- obj["rule"] = string(in.Rule)
- }
- if len(in.Ranges) > 0 {
- obj["range"] = flattenPodSecurityPolicyIDRanges(in.Ranges)
- }
-
- return []interface{}{obj}
-}
-
-// Expanders
-
-func expandPodSecurityPolicyRunAsUser(in []interface{}) *managementClient.RunAsUserStrategyOptions {
-
- obj := &managementClient.RunAsUserStrategyOptions{}
-
- if len(in) == 0 || in[0] == nil {
- return obj
- }
-
- m := in[0].(map[string]interface{})
-
- if v, ok := m["rule"].(string); ok {
- obj.Rule = v
- }
-
- if v, ok := m["range"].([]interface{}); ok && len(v) > 0 {
- obj.Ranges = expandPodSecurityPolicyIDRanges(v)
- }
-
- return obj
-}
diff --git a/rancher2/structure_pod_security_policy_run_as_user_test.go b/rancher2/structure_pod_security_policy_run_as_user_test.go
deleted file mode 100644
index b89eab87..00000000
--- a/rancher2/structure_pod_security_policy_run_as_user_test.go
+++ /dev/null
@@ -1,69 +0,0 @@
-package rancher2
-
-import (
- "testing"
-
- managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3"
- "github.com/stretchr/testify/assert"
-)
-
-var (
- testPodSecurityPolicyRunAsUserConf *managementClient.RunAsUserStrategyOptions
- testPodSecurityPolicyRunAsUserInterface []interface{}
- testNilPodSecurityPolicyRunAsUserConf *managementClient.RunAsUserStrategyOptions
- testEmptyPodSecurityPolicyRunAsUserInterface []interface{}
-)
-
-func init() {
- testPodSecurityPolicyRunAsUserConf = &managementClient.RunAsUserStrategyOptions{
- Rule: "RunAsAny",
- Ranges: testPodSecurityPolicyIDRangesConf,
- }
- testPodSecurityPolicyRunAsUserInterface = []interface{}{
- map[string]interface{}{
- "rule": "RunAsAny",
- "range": testPodSecurityPolicyIDRangesInterface,
- },
- }
- testEmptyPodSecurityPolicyRunAsUserInterface = []interface{}{}
-}
-
-func TestFlattenPodSecurityPolicyRunAsUser(t *testing.T) {
-
- cases := []struct {
- Input *managementClient.RunAsUserStrategyOptions
- ExpectedOutput []interface{}
- }{
- {
- testPodSecurityPolicyRunAsUserConf,
- testPodSecurityPolicyRunAsUserInterface,
- },
- {
- testNilPodSecurityPolicyRunAsUserConf,
- testEmptyPodSecurityPolicyRunAsUserInterface,
- },
- }
-
- for _, tc := range cases {
- output := flattenPodSecurityPolicyRunAsUser(tc.Input)
- assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from flattener.")
- }
-}
-
-func TestExpandPodSecurityPolicyRunAsUser(t *testing.T) {
-
- cases := []struct {
- Input []interface{}
- ExpectedOutput *managementClient.RunAsUserStrategyOptions
- }{
- {
- testPodSecurityPolicyRunAsUserInterface,
- testPodSecurityPolicyRunAsUserConf,
- },
- }
-
- for _, tc := range cases {
- output := expandPodSecurityPolicyRunAsUser(tc.Input)
- assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from expander.")
- }
-}
diff --git a/rancher2/structure_pod_security_policy_runtime_class_strategy.go b/rancher2/structure_pod_security_policy_runtime_class_strategy.go
deleted file mode 100644
index b0d1c3eb..00000000
--- a/rancher2/structure_pod_security_policy_runtime_class_strategy.go
+++ /dev/null
@@ -1,48 +0,0 @@
-package rancher2
-
-import (
- managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3"
-)
-
-// Flatteners
-
-func flattenPodSecurityPolicyRuntimeClassStrategy(in *managementClient.RuntimeClassStrategyOptions) []interface{} {
-
- if in == nil {
- return []interface{}{}
- }
-
- obj := make(map[string]interface{})
-
- if len(in.AllowedRuntimeClassNames) > 0 {
- obj["allowed_runtime_class_names"] = toArrayInterface(in.AllowedRuntimeClassNames)
- }
- if len(in.DefaultRuntimeClassName) > 0 {
- obj["default_runtime_class_name"] = in.DefaultRuntimeClassName
- }
-
- return []interface{}{obj}
-}
-
-// Expanders
-
-func expandPodSecurityPolicyRuntimeClassStrategy(in []interface{}) *managementClient.RuntimeClassStrategyOptions {
-
- obj := &managementClient.RuntimeClassStrategyOptions{}
-
- if len(in) == 0 || in[0] == nil {
- return obj
- }
-
- m := in[0].(map[string]interface{})
-
- if v, ok := m["allowed_runtime_class_names"].([]interface{}); ok {
- obj.AllowedRuntimeClassNames = toArrayString(v)
- }
-
- if v, ok := m["default_runtime_class_name"].(string); ok {
- obj.DefaultRuntimeClassName = v
- }
-
- return obj
-}
diff --git a/rancher2/structure_pod_security_policy_runtime_class_strategy_test.go b/rancher2/structure_pod_security_policy_runtime_class_strategy_test.go
deleted file mode 100644
index 22c04b9a..00000000
--- a/rancher2/structure_pod_security_policy_runtime_class_strategy_test.go
+++ /dev/null
@@ -1,69 +0,0 @@ -package rancher2 - -import ( - "testing" - - managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3" - "github.com/stretchr/testify/assert" -) - -var ( - testPodSecurityPolicyRuntimeClassStrategyConf *managementClient.RuntimeClassStrategyOptions - testPodSecurityPolicyRuntimeClassStrategyInterface []interface{} - testNilPodSecurityPolicyRuntimeClassStrategyConf *managementClient.RuntimeClassStrategyOptions - testEmptyPodSecurityPolicyRuntimeClassStrategyInterface []interface{} -) - -func init() { - testPodSecurityPolicyRuntimeClassStrategyConf = &managementClient.RuntimeClassStrategyOptions{ - AllowedRuntimeClassNames: []string{"foo", "bar"}, - DefaultRuntimeClassName: "foo", - } - testPodSecurityPolicyRuntimeClassStrategyInterface = []interface{}{ - map[string]interface{}{ - "allowed_runtime_class_names": toArrayInterface([]string{"foo", "bar"}), - "default_runtime_class_name": "foo", - }, - } - testEmptyPodSecurityPolicyRuntimeClassStrategyInterface = []interface{}{} -} - -func TestFlattenPodSecurityPolicyRuntimeClassStrategy(t *testing.T) { - - cases := []struct { - Input *managementClient.RuntimeClassStrategyOptions - ExpectedOutput []interface{} - }{ - { - testPodSecurityPolicyRuntimeClassStrategyConf, - testPodSecurityPolicyRuntimeClassStrategyInterface, - }, - { - testNilPodSecurityPolicyRuntimeClassStrategyConf, - testEmptyPodSecurityPolicyRuntimeClassStrategyInterface, - }, - } - - for _, tc := range cases { - output := flattenPodSecurityPolicyRuntimeClassStrategy(tc.Input) - assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from flattener.") - } -} - -func TestExpandPodSecurityPolicyRuntimeClassStrategy(t *testing.T) { - - cases := []struct { - Input []interface{} - ExpectedOutput *managementClient.RuntimeClassStrategyOptions - }{ - { - testPodSecurityPolicyRuntimeClassStrategyInterface, - testPodSecurityPolicyRuntimeClassStrategyConf, - }, - } - - for _, tc := range cases { - output := 
expandPodSecurityPolicyRuntimeClassStrategy(tc.Input) - assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from expander.") - } -} diff --git a/rancher2/structure_pod_security_policy_se_linux_options.go b/rancher2/structure_pod_security_policy_se_linux_options.go deleted file mode 100644 index d7c8e1c5..00000000 --- a/rancher2/structure_pod_security_policy_se_linux_options.go +++ /dev/null @@ -1,65 +0,0 @@ -package rancher2 - -import ( - managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3" -) - -// Flatteners - -func flattenPodSecurityPolicySELinuxOptions(in *managementClient.SELinuxOptions) []interface{} { - - if in == nil { - return []interface{}{} - } - - obj := make(map[string]interface{}) - - if len(in.User) > 0 { - obj["user"] = in.User - } - - if len(in.Role) > 0 { - obj["role"] = in.Role - } - - if len(in.Type) > 0 { - obj["type"] = in.Type - } - - if len(in.Level) > 0 { - obj["level"] = in.Level - } - - return []interface{}{obj} -} - -// Expanders - -func expandPodSecurityPolicySELinuxOptions(in []interface{}) *managementClient.SELinuxOptions { - - obj := &managementClient.SELinuxOptions{} - - if len(in) == 0 || in[0] == nil { - return obj - } - - m := in[0].(map[string]interface{}) - - if v, ok := m["user"].(string); ok { - obj.User = v - } - - if v, ok := m["role"].(string); ok { - obj.Role = v - } - - if v, ok := m["type"].(string); ok { - obj.Type = v - } - - if v, ok := m["level"].(string); ok { - obj.Level = v - } - - return obj -} diff --git a/rancher2/structure_pod_security_policy_se_linux_options_test.go b/rancher2/structure_pod_security_policy_se_linux_options_test.go deleted file mode 100644 index 4315fdea..00000000 --- a/rancher2/structure_pod_security_policy_se_linux_options_test.go +++ /dev/null 
@@ -1,72 +0,0 @@
-package rancher2
-
-import (
- "testing"
-
- managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3"
- "github.com/stretchr/testify/assert"
-)
-
-var (
- testPodSecurityPolicySELinuxOptionsConf *managementClient.SELinuxOptions
- testPodSecurityPolicySELinuxOptionsInterface []interface{}
- testNilPodSecurityPolicySELinuxOptionsConf *managementClient.SELinuxOptions
- testEmptyPodSecurityPolicySELinuxOptionsInterface []interface{}
-)
-
-func init() {
- testPodSecurityPolicySELinuxOptionsConf = &managementClient.SELinuxOptions{
- User: "user",
- Role: "role",
- Type: "type",
- Level: "level",
- }
- testPodSecurityPolicySELinuxOptionsInterface = []interface{}{
- map[string]interface{}{
- "user": "user",
- "role": "role",
- "type": "type",
- "level": "level",
- },
- }
- testEmptyPodSecurityPolicySELinuxOptionsInterface = []interface{}{}
-}
-
-func TestFlattenPodSecurityPolicySELinuxOptions(t *testing.T) {
-
- cases := []struct {
- Input *managementClient.SELinuxOptions
- ExpectedOutput []interface{}
- }{
- {
- testPodSecurityPolicySELinuxOptionsConf,
- testPodSecurityPolicySELinuxOptionsInterface,
- },
- {
- testNilPodSecurityPolicySELinuxOptionsConf,
- testEmptyPodSecurityPolicySELinuxOptionsInterface,
- },
- }
-
- for _, tc := range cases {
- output := flattenPodSecurityPolicySELinuxOptions(tc.Input)
- assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from flattener.")
- }
-}
-
-func TestExpandPodSecurityPolicySELinuxOptions(t *testing.T) {
-
- cases := []struct {
- Input []interface{}
- ExpectedOutput *managementClient.SELinuxOptions
- }{
- {
- testPodSecurityPolicySELinuxOptionsInterface,
- testPodSecurityPolicySELinuxOptionsConf,
- },
- }
- for _, tc := range cases {
- output := expandPodSecurityPolicySELinuxOptions(tc.Input)
- assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from expander.")
- }
-}
diff --git a/rancher2/structure_pod_security_policy_se_linux_strategy.go b/rancher2/structure_pod_security_policy_se_linux_strategy.go
deleted file mode 100644
index b361576a..00000000
--- a/rancher2/structure_pod_security_policy_se_linux_strategy.go
+++ /dev/null
@@ -1,48 +0,0 @@
-package rancher2
-
-import (
- managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3"
-)
-
-// Flatteners
-
-func flattenPodSecurityPolicySELinuxStrategy(in *managementClient.SELinuxStrategyOptions) []interface{} {
-
- if in == nil {
- return []interface{}{}
- }
-
- obj := make(map[string]interface{})
-
- if len(in.Rule) > 0 {
- obj["rule"] = in.Rule
- }
- if in.SELinuxOptions != nil {
- obj["se_linux_option"] = flattenPodSecurityPolicySELinuxOptions(in.SELinuxOptions)
- }
-
- return []interface{}{obj}
-}
-
-// Expanders
-
-func expandPodSecurityPolicySELinuxStrategy(in []interface{}) *managementClient.SELinuxStrategyOptions {
-
- obj := &managementClient.SELinuxStrategyOptions{}
-
- if len(in) == 0 || in[0] == nil {
- return obj
- }
-
- m := in[0].(map[string]interface{})
-
- if v, ok := m["rule"].(string); ok {
- obj.Rule = v
- }
-
- if v, ok := m["se_linux_option"].([]interface{}); ok && len(v) > 0 {
- obj.SELinuxOptions = expandPodSecurityPolicySELinuxOptions(v)
- }
-
- return obj
-}
diff --git a/rancher2/structure_pod_security_policy_se_linux_strategy_test.go b/rancher2/structure_pod_security_policy_se_linux_strategy_test.go
deleted file mode 100644
index a9531156..00000000
--- a/rancher2/structure_pod_security_policy_se_linux_strategy_test.go
+++ /dev/null
@@ -1,69 +0,0 @@
-package rancher2
-
-import (
- "testing"
-
- managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3"
- "github.com/stretchr/testify/assert"
-)
-
-var (
- testPodSecurityPolicySELinuxStrategyConf *managementClient.SELinuxStrategyOptions
- testPodSecurityPolicySELinuxStrategyInterface []interface{}
- testNilPodSecurityPolicySELinuxStrategyConf *managementClient.SELinuxStrategyOptions
- testEmptyPodSecurityPolicySELinuxStrategyInterface []interface{}
-)
-
-func init() {
- testPodSecurityPolicySELinuxStrategyConf = &managementClient.SELinuxStrategyOptions{
- Rule: "RunAsAny",
- SELinuxOptions: testPodSecurityPolicySELinuxOptionsConf,
- }
- testPodSecurityPolicySELinuxStrategyInterface = []interface{}{
- map[string]interface{}{
- "rule": "RunAsAny",
- "se_linux_option": testPodSecurityPolicySELinuxOptionsInterface,
- },
- }
- testEmptyPodSecurityPolicySELinuxStrategyInterface = []interface{}{}
-}
-
-func TestFlattenPodSecurityPolicySELinuxStrategy(t *testing.T) {
-
- cases := []struct {
- Input *managementClient.SELinuxStrategyOptions
- ExpectedOutput []interface{}
- }{
- {
- testPodSecurityPolicySELinuxStrategyConf,
- testPodSecurityPolicySELinuxStrategyInterface,
- },
- {
- testNilPodSecurityPolicySELinuxStrategyConf,
- testEmptyPodSecurityPolicySELinuxStrategyInterface,
- },
- }
-
- for _, tc := range cases {
- output := flattenPodSecurityPolicySELinuxStrategy(tc.Input)
- assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from flattener.")
- }
-}
-
-func TestExpandPodSecurityPolicySELinuxStrategy(t *testing.T) {
-
- cases := []struct {
- Input []interface{}
- ExpectedOutput *managementClient.SELinuxStrategyOptions
- }{
- {
- testPodSecurityPolicySELinuxStrategyInterface,
- testPodSecurityPolicySELinuxStrategyConf,
- },
- }
-
- for _, tc := range cases {
- output := expandPodSecurityPolicySELinuxStrategy(tc.Input)
- assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from expander.")
- }
-}
diff --git a/rancher2/structure_pod_security_policy_supplemental_groups.go b/rancher2/structure_pod_security_policy_supplemental_groups.go
deleted file mode 100644
index 2b0a3eee..00000000
--- a/rancher2/structure_pod_security_policy_supplemental_groups.go
+++ /dev/null
@@ -1,48 +0,0 @@
-package rancher2
-
-import (
- managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3"
-)
-
-// Flatteners
-
-func flattenPodSecurityPolicySupplementalGroups(in *managementClient.SupplementalGroupsStrategyOptions) []interface{} {
-
- if in == nil {
- return []interface{}{}
- }
-
- obj := make(map[string]interface{})
-
- if len(in.Rule) > 0 {
- obj["rule"] = in.Rule
- }
- if len(in.Ranges) > 0 {
- obj["range"] = flattenPodSecurityPolicyIDRanges(in.Ranges)
- }
-
- return []interface{}{obj}
-}
-
-// Expanders
-
-func expandPodSecurityPolicySupplementalGroups(in []interface{}) *managementClient.SupplementalGroupsStrategyOptions {
-
- obj := &managementClient.SupplementalGroupsStrategyOptions{}
-
- if len(in) == 0 || in[0] == nil {
- return obj
- }
-
- m := in[0].(map[string]interface{})
-
- if v, ok := m["rule"].(string); ok {
- obj.Rule = v
- }
-
- if v, ok := m["range"].([]interface{}); ok && len(v) > 0 {
- obj.Ranges = expandPodSecurityPolicyIDRanges(v)
- }
-
- return obj
-}
diff --git a/rancher2/structure_pod_security_policy_supplemental_groups_test.go b/rancher2/structure_pod_security_policy_supplemental_groups_test.go
deleted file mode 100644
index bd6cd24f..00000000
--- a/rancher2/structure_pod_security_policy_supplemental_groups_test.go
+++ /dev/null
@@ -1,69 +0,0 @@
-package rancher2
-
-import (
- "testing"
-
- managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3"
- "github.com/stretchr/testify/assert"
-)
-
-var (
- testPodSecurityPolicySupplementalGroupsConf *managementClient.SupplementalGroupsStrategyOptions
- testPodSecurityPolicySupplementalGroupsInterface []interface{}
- testNilPodSecurityPolicySupplementalGroupsConf *managementClient.SupplementalGroupsStrategyOptions
- testEmptyPodSecurityPolicySupplementalGroupsInterface []interface{}
-)
-
-func init() {
- testPodSecurityPolicySupplementalGroupsConf = &managementClient.SupplementalGroupsStrategyOptions{
- Rule: "RunAsAny",
- Ranges: testPodSecurityPolicyIDRangesConf,
- }
- testPodSecurityPolicySupplementalGroupsInterface = []interface{}{
- map[string]interface{}{
- "rule": "RunAsAny",
- "range": testPodSecurityPolicyIDRangesInterface,
- },
- }
- testEmptyPodSecurityPolicySupplementalGroupsInterface = []interface{}{}
-}
-
-func TestFlattenPodSecurityPolicySupplementalGroups(t *testing.T) {
-
- cases := []struct {
- Input *managementClient.SupplementalGroupsStrategyOptions
- ExpectedOutput []interface{}
- }{
- {
- testPodSecurityPolicySupplementalGroupsConf,
- testPodSecurityPolicySupplementalGroupsInterface,
- },
- {
- testNilPodSecurityPolicySupplementalGroupsConf,
- testEmptyPodSecurityPolicySupplementalGroupsInterface,
- },
- }
-
- for _, tc := range cases {
- output := flattenPodSecurityPolicySupplementalGroups(tc.Input)
- assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from flattener.")
- }
-}
-
-func TestExpandPodSecurityPolicySupplementalGroups(t *testing.T) {
-
- cases := []struct {
- Input []interface{}
- ExpectedOutput *managementClient.SupplementalGroupsStrategyOptions
- }{
- {
- testPodSecurityPolicySupplementalGroupsInterface,
- testPodSecurityPolicySupplementalGroupsConf,
- },
- }
-
- for _, tc := range cases {
- output := expandPodSecurityPolicySupplementalGroups(tc.Input)
- assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from expander.")
- }
-}
diff --git a/rancher2/structure_pod_security_policy_template.go b/rancher2/structure_pod_security_policy_template.go
deleted file mode 100644
index e8950440..00000000
--- a/rancher2/structure_pod_security_policy_template.go
+++ /dev/null
@@ -1,229 +0,0 @@
-package rancher2
-
-import (
- "fmt"
-
- "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
- managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3"
-)
-
-// Flatteners
-
-func flattenPodSecurityPolicyTemplate(d *schema.ResourceData, in *managementClient.PodSecurityPolicyTemplate) error {
- if in == nil {
- return fmt.Errorf("[ERROR] flattening pod security policy template: Input setting is nil")
- }
-
- d.SetId(in.ID)
- d.Set("name", in.Name)
-
- if len(in.Description) > 0 {
- d.Set("description", in.Description)
- }
-
- err := d.Set("annotations", toMapInterface(in.Annotations))
- if err != nil {
- return err
- }
-
- err = d.Set("labels", toMapInterface(in.Labels))
- if err != nil {
- return err
- }
-
- if in.AllowPrivilegeEscalation != nil {
- d.Set("allow_privilege_escalation", *in.AllowPrivilegeEscalation)
- }
-
- if len(in.AllowedCapabilities) > 0 {
- d.Set("allowed_capabilities", toArrayInterface(in.AllowedCapabilities))
- }
-
- if len(in.AllowedCSIDrivers) > 0 {
- d.Set("allowed_csi_driver", flattenPodSecurityPolicyAllowedCSIDrivers(in.AllowedCSIDrivers))
- }
-
- if len(in.AllowedFlexVolumes) > 0 {
- d.Set("allowed_flex_volume", flattenPodSecurityPolicyAllowedFlexVolumes(in.AllowedFlexVolumes))
- }
-
- if len(in.AllowedHostPaths) > 0 {
- d.Set("allowed_host_path", flattenPodSecurityPolicyAllowedHostPaths(in.AllowedHostPaths))
- }
-
- if len(in.AllowedProcMountTypes) > 0 {
- d.Set("allowed_proc_mount_types", toArrayInterface(in.AllowedProcMountTypes))
- }
-
- if len(in.AllowedUnsafeSysctls) > 0 {
- d.Set("allowed_unsafe_sysctls", toArrayInterface(in.AllowedUnsafeSysctls))
- }
-
- if len(in.DefaultAddCapabilities) > 0 {
- d.Set("default_add_capabilities", toArrayInterface(in.DefaultAddCapabilities))
- }
-
- if in.DefaultAllowPrivilegeEscalation != nil {
- d.Set("default_allow_privilege_escalation", *in.DefaultAllowPrivilegeEscalation)
- }
-
- if len(in.ForbiddenSysctls) > 0 {
- d.Set("forbidden_sysctls", toArrayInterface(in.ForbiddenSysctls))
- }
-
- d.Set("fs_group", flattenPodSecurityPolicyFSGroup(in.FSGroup))
- d.Set("host_ipc", in.HostIPC)
- d.Set("host_network", in.HostNetwork)
- d.Set("host_pid", in.HostPID)
-
- if len(in.HostPorts) > 0 {
- d.Set("host_port", flattenPodSecurityPolicyHostPortRanges(in.HostPorts))
- }
-
- d.Set("privileged", in.Privileged)
- d.Set("read_only_root_filesystem", in.ReadOnlyRootFilesystem)
-
- if len(in.RequiredDropCapabilities) > 0 {
- d.Set("required_drop_capabilities", toArrayInterface(in.RequiredDropCapabilities))
- }
-
- d.Set("run_as_user", flattenPodSecurityPolicyRunAsUser(in.RunAsUser))
-
- if in.RunAsGroup != nil {
- d.Set("run_as_group", flattenPodSecurityPolicyRunAsGroup(in.RunAsGroup))
- }
-
- d.Set("runtime_class", flattenPodSecurityPolicyRuntimeClassStrategy(in.RuntimeClass))
- d.Set("se_linux", flattenPodSecurityPolicySELinuxStrategy(in.SELinux))
- d.Set("supplemental_group", flattenPodSecurityPolicySupplementalGroups(in.SupplementalGroups))
- d.Set("volumes", toArrayInterface(in.Volumes))
-
- return nil
-}
-
-func expandPodSecurityPolicyTemplate(in *schema.ResourceData) *managementClient.PodSecurityPolicyTemplate {
-
- if in == nil {
- return nil
- }
-
- obj := &managementClient.PodSecurityPolicyTemplate{}
-
- if v := in.Id(); len(v) > 0 {
- obj.ID = v
- }
-
- if v, ok := in.Get("name").(string); ok && len(v) > 0 {
- obj.Name = v
- }
-
- if v, ok := in.Get("description").(string); ok && len(v) > 0 {
- obj.Description = v
- }
-
- if v, ok := in.Get("annotations").(map[string]interface{}); ok && len(v) > 0 {
- obj.Annotations = toMapString(v)
- }
-
- if v, ok := in.Get("labels").(map[string]interface{}); ok && len(v) > 0 {
- obj.Labels = toMapString(v)
- }
-
- if v, ok := in.Get("allow_privilege_escalation").(bool); ok {
- obj.AllowPrivilegeEscalation = &v
- }
-
- if v, ok := in.Get("allowed_capabilities").([]interface{}); ok && len(v) > 0 {
- obj.AllowedCapabilities = toArrayString(v)
- }
-
- if v, ok := in.Get("allowed_csi_driver").([]interface{}); ok && len(v) > 0 {
- obj.AllowedCSIDrivers = expandPodSecurityPolicyAllowedCSIDrivers(v)
- }
-
- if v, ok := in.Get("allowed_flex_volume").([]interface{}); ok && len(v) > 0 {
- obj.AllowedFlexVolumes = expandPodSecurityPolicyAllowedFlexVolumes(v)
- }
-
- if v, ok := in.Get("allowed_host_path").([]interface{}); ok && len(v) > 0 {
- obj.AllowedHostPaths = expandPodSecurityPolicyAllowedHostPaths(v)
- }
-
- if v, ok := in.Get("allowed_proc_mount_types").([]interface{}); ok && len(v) > 0 {
- obj.AllowedProcMountTypes = toArrayString(v)
- }
-
- if v, ok := in.Get("allowed_unsafe_sysctls").([]interface{}); ok && len(v) > 0 {
- obj.AllowedUnsafeSysctls = toArrayString(v)
- }
-
- if v, ok := in.Get("default_add_capabilities").([]interface{}); ok && len(v) > 0 {
- obj.DefaultAddCapabilities = toArrayString(v)
- }
-
- if v, ok := in.Get("default_allow_privilege_escalation").(bool); ok {
- obj.DefaultAllowPrivilegeEscalation = &v
- }
-
- if v, ok := in.Get("forbidden_sysctls").([]interface{}); ok && len(v) > 0 {
- obj.ForbiddenSysctls = toArrayString(v)
- }
-
- if v, ok := in.Get("fs_group").([]interface{}); ok && len(v) > 0 {
- obj.FSGroup = expandPodSecurityPolicyFSGroup(v)
- }
-
- if v, ok := in.Get("host_ipc").(bool); ok {
- obj.HostIPC = v
- }
-
- if v, ok := in.Get("host_network").(bool); ok {
- obj.HostNetwork = v
- }
-
- if v, ok := in.Get("host_pid").(bool); ok {
- obj.HostPID = v
- }
-
- if v, ok := in.Get("host_port").([]interface{}); ok && len(v) > 0 {
- obj.HostPorts = expandPodSecurityPolicyHostPortRanges(v)
- }
-
- if v, ok := in.Get("privileged").(bool); ok {
- obj.Privileged = v
- }
-
- if v, ok := in.Get("read_only_root_filesystem").(bool); ok {
- obj.ReadOnlyRootFilesystem = v
- }
-
- if v, ok := in.Get("required_drop_capabilities").([]interface{}); ok && len(v) > 0 {
- obj.RequiredDropCapabilities = toArrayString(v)
- }
-
- if v, ok := in.Get("run_as_user").([]interface{}); ok && len(v) > 0 {
- obj.RunAsUser = expandPodSecurityPolicyRunAsUser(v)
- }
-
- if v, ok := in.Get("run_as_group").([]interface{}); ok && len(v) > 0 {
- obj.RunAsGroup = expandPodSecurityPolicyRunAsGroup(v)
- }
-
- if v, ok := in.Get("runtime_class").([]interface{}); ok && len(v) > 0 {
- obj.RuntimeClass = expandPodSecurityPolicyRuntimeClassStrategy(v)
- }
-
- if v, ok := in.Get("se_linux").([]interface{}); ok && len(v) > 0 {
- obj.SELinux = expandPodSecurityPolicySELinuxStrategy(v)
- }
-
- if v, ok := in.Get("supplemental_group").([]interface{}); ok && len(v) > 0 {
- obj.SupplementalGroups = expandPodSecurityPolicySupplementalGroups(v)
- }
-
- if v, ok := in.Get("volumes").([]interface{}); ok && len(v) > 0 {
- obj.Volumes = toArrayString(v)
- }
-
- return obj
-}
diff --git a/rancher2/structure_pod_security_policy_template_test.go b/rancher2/structure_pod_security_policy_template_test.go
deleted file mode 100644
index f59d5eec..00000000
--- a/rancher2/structure_pod_security_policy_template_test.go
+++ /dev/null
@@ -1,140 +0,0 @@
-package rancher2
-
-import (
- "reflect"
- "testing"
-
- "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
- managementClient "github.com/rancher/rancher/pkg/client/generated/management/v3"
- "github.com/stretchr/testify/assert"
-)
-
-var (
- testPodSecurityPolicyBool bool
- testPodSecurityPolicyTemplateConf *managementClient.PodSecurityPolicyTemplate
- testPodSecurityPolicyTemplateInterface map[string]interface{}
-)
-
-func init() {
- testPodSecurityPolicyBool = true
- testPodSecurityPolicyTemplateConf = &managementClient.PodSecurityPolicyTemplate{
- Name: "name",
- Description: "description",
- Annotations: map[string]string{
- "node_one": "one",
- "node_two": "two",
- },
- Labels: map[string]string{
- "option1": "value1",
- "option2": "value2",
- },
- Privileged: true,
- DefaultAddCapabilities: []string{"NET_ADMIN"},
- RequiredDropCapabilities: []string{"NET_ADMIN"},
- AllowedCapabilities: []string{"NET_ADMIN"},
- Volumes: []string{"hostPath", "emptyDir"},
- HostNetwork: true,
- HostPorts: testPodSecurityPolicyHostPortRangesConf,
- HostPID: false,
- HostIPC: true,
- SELinux: testPodSecurityPolicySELinuxStrategyConf,
- RunAsUser: testPodSecurityPolicyRunAsUserConf,
- RunAsGroup: testPodSecurityPolicyRunAsGroupConf,
- SupplementalGroups: testPodSecurityPolicySupplementalGroupsConf,
- FSGroup: testPodSecurityPolicyFSGroupConf,
- ReadOnlyRootFilesystem: false,
- DefaultAllowPrivilegeEscalation: &testPodSecurityPolicyBool,
- AllowPrivilegeEscalation: &testPodSecurityPolicyBool,
- AllowedHostPaths: testPodSecurityPolicyAllowedHostPathsConf,
- AllowedFlexVolumes: testPodSecurityPolicyAllowedFlexVolumesConf,
- AllowedCSIDrivers: testPodSecurityPolicyAllowedCSIDriversConf,
- AllowedUnsafeSysctls: []string{"foo", "bar"},
- ForbiddenSysctls: []string{"foo", "bar"},
- AllowedProcMountTypes: []string{"Default", "Unmasked"},
- RuntimeClass: testPodSecurityPolicyRuntimeClassStrategyConf,
- }
- testPodSecurityPolicyTemplateInterface = map[string]interface{}{
- "name": "name",
- "description": "description",
- "annotations": map[string]interface{}{
- "node_one": "one",
- "node_two": "two",
- },
- "labels": map[string]interface{}{
- "option1": "value1",
- "option2": "value2",
- },
- "privileged": true,
- "default_add_capabilities": toArrayInterface([]string{"NET_ADMIN"}),
- "required_drop_capabilities": toArrayInterface([]string{"NET_ADMIN"}),
- "allowed_capabilities": toArrayInterface([]string{"NET_ADMIN"}),
- "volumes": toArrayInterface([]string{"hostPath", "emptyDir"}),
- "host_network": true,
- "host_port": testPodSecurityPolicyHostPortRangesInterface,
- "host_pid": false,
- "host_ipc": true,
- "se_linux": testPodSecurityPolicySELinuxStrategyInterface,
- "run_as_user": testPodSecurityPolicyRunAsUserInterface,
- "run_as_group": testPodSecurityPolicyRunAsGroupInterface,
- "supplemental_group": testPodSecurityPolicySupplementalGroupsInterface,
- "fs_group": testPodSecurityPolicyFSGroupInterface,
- "read_only_root_filesystem": false,
- "default_allow_privilege_escalation": testPodSecurityPolicyBool,
- "allow_privilege_escalation": testPodSecurityPolicyBool,
- "allowed_host_path": testPodSecurityPolicyAllowedHostPathsInterface,
- "allowed_flex_volume": testPodSecurityPolicyAllowedFlexVolumesInterface,
- "allowed_csi_driver": testPodSecurityPolicyAllowedCSIDriversInterface,
- "allowed_unsafe_sysctls": toArrayInterface([]string{"foo", "bar"}),
- "forbidden_sysctls": toArrayInterface([]string{"foo", "bar"}),
- "allowed_proc_mount_types": toArrayInterface([]string{"Default", "Unmasked"}),
- "runtime_class": testPodSecurityPolicyRuntimeClassStrategyInterface,
- }
-}
-
-func TestFlattenPodSecurityPolicyTemplate(t *testing.T) {
-
- cases := []struct {
- Input *managementClient.PodSecurityPolicyTemplate
- ExpectedOutput map[string]interface{}
- }{
- {
- testPodSecurityPolicyTemplateConf,
- testPodSecurityPolicyTemplateInterface,
- },
- }
-
- for _, tc := range cases {
- output := schema.TestResourceDataRaw(t, podSecurityPolicyTemplateFields(), map[string]interface{}{})
- err := flattenPodSecurityPolicyTemplate(output, tc.Input)
- if err != nil {
- assert.FailNow(t, "[ERROR] on flattener: %#v", err)
- }
- given := map[string]interface{}{}
- for k := range tc.ExpectedOutput {
- given[k] = output.Get(k)
- }
- if !reflect.DeepEqual(given, tc.ExpectedOutput) {
- assert.FailNow(t, "Unexpected output from flattener.\nExpected: %#v\nGiven: %#v",
- tc.ExpectedOutput, given)
- }
- }
-}
-
-func TestExpandPodSecurityPolicyTemplate(t *testing.T) {
-
- cases := []struct {
- Input map[string]interface{}
- ExpectedOutput *managementClient.PodSecurityPolicyTemplate
- }{
- {
- testPodSecurityPolicyTemplateInterface,
- testPodSecurityPolicyTemplateConf,
- },
- }
-
- for _, tc := range cases {
- inputResourceData := schema.TestResourceDataRaw(t, podSecurityPolicyTemplateFields(), tc.Input)
- output := expandPodSecurityPolicyTemplate(inputResourceData)
- assert.Equal(t, tc.ExpectedOutput, output, "Unexpected output from expander.")
- }
-}
diff --git a/rancher2/structure_project.go b/rancher2/structure_project.go
index 9a99103e..223204e4 100644
--- a/rancher2/structure_project.go
+++ b/rancher2/structure_project.go
@@ -127,8 +127,6 @@ func flattenProject(d *schema.ResourceData, in *managementClient.Project) error } } - d.Set("pod_security_policy_template_id", in.PodSecurityPolicyTemplateName) - if in.ResourceQuota != nil && in.NamespaceDefaultResourceQuota != nil { resourceQuota := flattenProjectResourceQuota(in.ResourceQuota, in.NamespaceDefaultResourceQuota) err := d.Set("resource_quota", resourceQuota)
@@ -280,8 +278,6 @@ func expandProject(in *schema.ResourceData) *managementClient.Project { obj.ContainerDefaultResourceLimit = containerLimit } - obj.PodSecurityPolicyTemplateName = in.Get("pod_security_policy_template_id").(string) - if v, ok := in.Get("resource_quota").([]interface{}); ok && len(v) > 0 { resourceQuota, nsResourceQuota := expandProjectResourceQuota(v) obj.ResourceQuota = resourceQuota diff --git a/rancher2/structure_project_test.go b/rancher2/structure_project_test.go index 7cea0191..03d20bb2 100644 --- a/rancher2/structure_project_test.go +++ b/rancher2/structure_project_test.go @@ -119,17 +119,15 @@ func init() { Name: "test", ContainerDefaultResourceLimit: testProjectContainerResourceLimitConf, Description: "description", - PodSecurityPolicyTemplateName: "pod_security_policy_template_id", ResourceQuota: testProjectResourceQuotaConf, NamespaceDefaultResourceQuota: testProjectNamespaceResourceQuotaConf, } testProjectInterface = map[string]interface{}{ - "cluster_id": "cluster-test", - "name": "test", - "container_resource_limit": testProjectContainerResourceLimitInterface, - "description": "description", - "pod_security_policy_template_id": "pod_security_policy_template_id", - "resource_quota": testProjectResourceQuotaInterface, + "cluster_id": "cluster-test", + "name": "test", + "container_resource_limit": testProjectContainerResourceLimitInterface, + "description": "description", + "resource_quota": testProjectResourceQuotaInterface, } } @@ -203,7 +201,7 @@ func TestFlattenProject(t *testing.T) { for _, tc := range cases { output := schema.TestResourceDataRaw(t, projectFields(), map[string]interface{}{}) - err := flattenProject(output, tc.Input, nil) + err := flattenProject(output, tc.Input) if err != nil { assert.FailNow(t, "[ERROR] on flattener: %#v", err) } diff --git a/terraform-provider-rancher2 b/terraform-provider-rancher2 new file mode 100755 index 00000000..8d15262f Binary files /dev/null and b/terraform-provider-rancher2 differ
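Review bot: The last file section adds `terraform-provider-rancher2` as an executable binary (`new file mode 100755`, "Binary files /dev/null and b/terraform-provider-rancher2 differ"), so its contents cannot be reviewed alongside the source changes in this commit. The name and location suggest a locally built provider artifact that was staged by accident, though that cannot be confirmed from the diff. If so, it should be dropped from the commit and the path ignored, for example with a `/terraform-provider-rancher2` entry in `.gitignore`. A prebuilt executable in the source tree has no verifiable link to the reviewed code, so provider binaries are better produced by the release build and distributed with published checksums.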