mirror of
https://github.com/bpg/terraform-provider-proxmox.git
synced 2025-07-05 05:24:01 +00:00
fix(firewall): Add support for firewall
flag for LXC/VM net adapters (#295)
parent
be3995e969
commit
f4783f8cda
@ -142,6 +142,8 @@ output "ubuntu_container_public_key" {
|
|||||||
to `vmbr0`).
|
to `vmbr0`).
|
||||||
- `enabled` - (Optional) Whether to enable the network device (defaults
|
- `enabled` - (Optional) Whether to enable the network device (defaults
|
||||||
to `true`).
|
to `true`).
|
||||||
|
- `firewall` - (Optional) Whether this interface's firewall rules should be
|
||||||
|
used (defaults to `false`).
|
||||||
- `mac_address` - (Optional) The MAC address.
|
- `mac_address` - (Optional) The MAC address.
|
||||||
- `mtu` - (Optional) Maximum transfer unit of the interface. Cannot be
|
- `mtu` - (Optional) Maximum transfer unit of the interface. Cannot be
|
||||||
larger than the bridge's MTU.
|
larger than the bridge's MTU.
|
||||||
@ -173,7 +175,8 @@ output "ubuntu_container_public_key" {
|
|||||||
the host (defaults to `false`).
|
the host (defaults to `false`).
|
||||||
- `vm_id` - (Optional) The virtual machine identifier
|
- `vm_id` - (Optional) The virtual machine identifier
|
||||||
- `features` - (Optional) The container features
|
- `features` - (Optional) The container features
|
||||||
- `nesting` - (Optional) Whether the container is nested (defaults to `false`)
|
- `nesting` - (Optional) Whether the container is nested (defaults
|
||||||
|
to `false`)
|
||||||
|
|
||||||
## Attribute Reference
|
## Attribute Reference
|
||||||
|
|
||||||
|
@ -327,6 +327,8 @@ output "ubuntu_vm_public_key" {
|
|||||||
to `vmbr0`).
|
to `vmbr0`).
|
||||||
- `enabled` - (Optional) Whether to enable the network device (defaults
|
- `enabled` - (Optional) Whether to enable the network device (defaults
|
||||||
to `true`).
|
to `true`).
|
||||||
|
- `firewall` - (Optional) Whether this interface's firewall rules should be
|
||||||
|
used (defaults to `false`).
|
||||||
- `mac_address` - (Optional) The MAC address.
|
- `mac_address` - (Optional) The MAC address.
|
||||||
- `model` - (Optional) The network device model (defaults to `virtio`).
|
- `model` - (Optional) The network device model (defaults to `virtio`).
|
||||||
- `e1000` - Intel E1000.
|
- `e1000` - Intel E1000.
|
||||||
|
@ -47,6 +47,7 @@ const (
|
|||||||
dvResourceVirtualEnvironmentContainerMemorySwap = 0
|
dvResourceVirtualEnvironmentContainerMemorySwap = 0
|
||||||
dvResourceVirtualEnvironmentContainerNetworkInterfaceBridge = "vmbr0"
|
dvResourceVirtualEnvironmentContainerNetworkInterfaceBridge = "vmbr0"
|
||||||
dvResourceVirtualEnvironmentContainerNetworkInterfaceEnabled = true
|
dvResourceVirtualEnvironmentContainerNetworkInterfaceEnabled = true
|
||||||
|
dvResourceVirtualEnvironmentContainerNetworkInterfaceFirewall = false
|
||||||
dvResourceVirtualEnvironmentContainerNetworkInterfaceMACAddress = ""
|
dvResourceVirtualEnvironmentContainerNetworkInterfaceMACAddress = ""
|
||||||
dvResourceVirtualEnvironmentContainerNetworkInterfaceRateLimit = 0
|
dvResourceVirtualEnvironmentContainerNetworkInterfaceRateLimit = 0
|
||||||
dvResourceVirtualEnvironmentContainerNetworkInterfaceVLANID = 0
|
dvResourceVirtualEnvironmentContainerNetworkInterfaceVLANID = 0
|
||||||
@ -98,6 +99,7 @@ const (
|
|||||||
mkResourceVirtualEnvironmentContainerNetworkInterface = "network_interface"
|
mkResourceVirtualEnvironmentContainerNetworkInterface = "network_interface"
|
||||||
mkResourceVirtualEnvironmentContainerNetworkInterfaceBridge = "bridge"
|
mkResourceVirtualEnvironmentContainerNetworkInterfaceBridge = "bridge"
|
||||||
mkResourceVirtualEnvironmentContainerNetworkInterfaceEnabled = "enabled"
|
mkResourceVirtualEnvironmentContainerNetworkInterfaceEnabled = "enabled"
|
||||||
|
mkResourceVirtualEnvironmentContainerNetworkInterfaceFirewall = "firewall"
|
||||||
mkResourceVirtualEnvironmentContainerNetworkInterfaceMACAddress = "mac_address"
|
mkResourceVirtualEnvironmentContainerNetworkInterfaceMACAddress = "mac_address"
|
||||||
mkResourceVirtualEnvironmentContainerNetworkInterfaceName = "name"
|
mkResourceVirtualEnvironmentContainerNetworkInterfaceName = "name"
|
||||||
mkResourceVirtualEnvironmentContainerNetworkInterfaceRateLimit = "rate_limit"
|
mkResourceVirtualEnvironmentContainerNetworkInterfaceRateLimit = "rate_limit"
|
||||||
@ -510,6 +512,12 @@ func Container() *schema.Resource {
|
|||||||
Optional: true,
|
Optional: true,
|
||||||
Default: dvResourceVirtualEnvironmentContainerNetworkInterfaceEnabled,
|
Default: dvResourceVirtualEnvironmentContainerNetworkInterfaceEnabled,
|
||||||
},
|
},
|
||||||
|
mkResourceVirtualEnvironmentContainerNetworkInterfaceFirewall: {
|
||||||
|
Type: schema.TypeBool,
|
||||||
|
Description: "Whether this interface's firewall rules should be used.",
|
||||||
|
Optional: true,
|
||||||
|
Default: dvResourceVirtualEnvironmentContainerNetworkInterfaceFirewall,
|
||||||
|
},
|
||||||
mkResourceVirtualEnvironmentContainerNetworkInterfaceMACAddress: {
|
mkResourceVirtualEnvironmentContainerNetworkInterfaceMACAddress: {
|
||||||
Type: schema.TypeString,
|
Type: schema.TypeString,
|
||||||
Description: "The MAC address",
|
Description: "The MAC address",
|
||||||
@ -888,6 +896,9 @@ func containerCreateClone(ctx context.Context, d *schema.ResourceData, m interfa
|
|||||||
|
|
||||||
bridge := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceBridge].(string)
|
bridge := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceBridge].(string)
|
||||||
enabled := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceEnabled].(bool)
|
enabled := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceEnabled].(bool)
|
||||||
|
firewall := types.CustomBool(
|
||||||
|
networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceFirewall].(bool),
|
||||||
|
)
|
||||||
macAddress := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceMACAddress].(string)
|
macAddress := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceMACAddress].(string)
|
||||||
name := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceName].(string)
|
name := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceName].(string)
|
||||||
rateLimit := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceRateLimit].(float64)
|
rateLimit := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceRateLimit].(float64)
|
||||||
@ -899,6 +910,7 @@ func containerCreateClone(ctx context.Context, d *schema.ResourceData, m interfa
|
|||||||
}
|
}
|
||||||
|
|
||||||
networkInterfaceObject.Enabled = enabled
|
networkInterfaceObject.Enabled = enabled
|
||||||
|
networkInterfaceObject.Firewall = &firewall
|
||||||
|
|
||||||
if len(initializationIPConfigIPv4Address) > ni {
|
if len(initializationIPConfigIPv4Address) > ni {
|
||||||
if initializationIPConfigIPv4Address[ni] != "" {
|
if initializationIPConfigIPv4Address[ni] != "" {
|
||||||
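Review bot: `networkInterfaceObject.Firewall = &firewall` is assigned unconditionally, so a clone whose configuration omits `firewall` carries an explicit `false` (the schema default) instead of leaving the field unset. If the request encoder sends every non-nil field, which is not visible here, a template NIC that had its firewall flag enabled would come out of the clone with filtering switched off and nothing in the plan to show it. Consider setting the pointer only when the attribute is configured, or at least stating in the attribute docs that omitting `firewall` on a clone sets it to `false` rather than inheriting the template's value. The same unconditional assignment appears in the containerUpdate hunk further down; containerCreateClone's body starts and ends outside this hunk.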
@ -1418,6 +1430,11 @@ func containerGetExistingNetworkInterface(
|
|||||||
}
|
}
|
||||||
|
|
||||||
networkInterface[mkResourceVirtualEnvironmentContainerNetworkInterfaceEnabled] = true
|
networkInterface[mkResourceVirtualEnvironmentContainerNetworkInterfaceEnabled] = true
|
||||||
|
if nv.Firewall != nil {
|
||||||
|
networkInterface[mkResourceVirtualEnvironmentContainerNetworkInterfaceFirewall] = *nv.Firewall
|
||||||
|
} else {
|
||||||
|
networkInterface[mkResourceVirtualEnvironmentContainerNetworkInterfaceFirewall] = false
|
||||||
|
}
|
||||||
|
|
||||||
if nv.MACAddress != nil {
|
if nv.MACAddress != nil {
|
||||||
networkInterface[mkResourceVirtualEnvironmentContainerNetworkInterfaceMACAddress] = *nv.MACAddress
|
networkInterface[mkResourceVirtualEnvironmentContainerNetworkInterfaceMACAddress] = *nv.MACAddress
|
||||||
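Review bot: The two branches store different dynamic types under the `firewall` key: `*nv.Firewall` is stored as-is, and judging by the write path in this commit (`firewall := types.CustomBool(...)`, `Firewall = &firewall`) that is a `types.CustomBool`, while the else branch stores a plain `bool`. The schema declares the attribute as `schema.TypeBool`, so an explicit conversion keeps the state map uniform and does not rely on how the SDK decodes named bool types: `networkInterface[mkResourceVirtualEnvironmentContainerNetworkInterfaceFirewall] = bool(*nv.Firewall)`. The same pattern is repeated in the containerRead and vmReadCustom hunks. The enclosing function starts and ends outside this hunk, so the declared type of `nv` should be confirmed there.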
@ -1776,6 +1793,12 @@ func containerRead(ctx context.Context, d *schema.ResourceData, m interface{}) d
|
|||||||
|
|
||||||
networkInterface[mkResourceVirtualEnvironmentContainerNetworkInterfaceEnabled] = true
|
networkInterface[mkResourceVirtualEnvironmentContainerNetworkInterfaceEnabled] = true
|
||||||
|
|
||||||
|
if nv.Firewall != nil {
|
||||||
|
networkInterface[mkResourceVirtualEnvironmentContainerNetworkInterfaceFirewall] = *nv.Firewall
|
||||||
|
} else {
|
||||||
|
networkInterface[mkResourceVirtualEnvironmentContainerNetworkInterfaceFirewall] = false
|
||||||
|
}
|
||||||
|
|
||||||
if nv.MACAddress != nil {
|
if nv.MACAddress != nil {
|
||||||
networkInterface[mkResourceVirtualEnvironmentContainerNetworkInterfaceMACAddress] = *nv.MACAddress
|
networkInterface[mkResourceVirtualEnvironmentContainerNetworkInterfaceMACAddress] = *nv.MACAddress
|
||||||
} else {
|
} else {
|
||||||
@ -2150,6 +2173,9 @@ func containerUpdate(ctx context.Context, d *schema.ResourceData, m interface{})
|
|||||||
|
|
||||||
bridge := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceBridge].(string)
|
bridge := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceBridge].(string)
|
||||||
enabled := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceEnabled].(bool)
|
enabled := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceEnabled].(bool)
|
||||||
|
firewall := types.CustomBool(
|
||||||
|
networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceFirewall].(bool),
|
||||||
|
)
|
||||||
macAddress := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceMACAddress].(string)
|
macAddress := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceMACAddress].(string)
|
||||||
name := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceName].(string)
|
name := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceName].(string)
|
||||||
rateLimit := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceRateLimit].(float64)
|
rateLimit := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceRateLimit].(float64)
|
||||||
@ -2161,6 +2187,7 @@ func containerUpdate(ctx context.Context, d *schema.ResourceData, m interface{})
|
|||||||
}
|
}
|
||||||
|
|
||||||
networkInterfaceObject.Enabled = enabled
|
networkInterfaceObject.Enabled = enabled
|
||||||
|
networkInterfaceObject.Firewall = &firewall
|
||||||
|
|
||||||
if len(initializationIPConfigIPv4Address) > ni {
|
if len(initializationIPConfigIPv4Address) > ni {
|
||||||
if initializationIPConfigIPv4Address[ni] != "" {
|
if initializationIPConfigIPv4Address[ni] != "" {
|
||||||
|
@ -83,6 +83,7 @@ const (
|
|||||||
dvResourceVirtualEnvironmentVMName = ""
|
dvResourceVirtualEnvironmentVMName = ""
|
||||||
dvResourceVirtualEnvironmentVMNetworkDeviceBridge = "vmbr0"
|
dvResourceVirtualEnvironmentVMNetworkDeviceBridge = "vmbr0"
|
||||||
dvResourceVirtualEnvironmentVMNetworkDeviceEnabled = true
|
dvResourceVirtualEnvironmentVMNetworkDeviceEnabled = true
|
||||||
|
dvResourceVirtualEnvironmentVMNetworkDeviceFirewall = false
|
||||||
dvResourceVirtualEnvironmentVMNetworkDeviceMACAddress = ""
|
dvResourceVirtualEnvironmentVMNetworkDeviceMACAddress = ""
|
||||||
dvResourceVirtualEnvironmentVMNetworkDeviceModel = "virtio"
|
dvResourceVirtualEnvironmentVMNetworkDeviceModel = "virtio"
|
||||||
dvResourceVirtualEnvironmentVMNetworkDeviceRateLimit = 0
|
dvResourceVirtualEnvironmentVMNetworkDeviceRateLimit = 0
|
||||||
@ -198,6 +199,7 @@ const (
|
|||||||
mkResourceVirtualEnvironmentVMNetworkDevice = "network_device"
|
mkResourceVirtualEnvironmentVMNetworkDevice = "network_device"
|
||||||
mkResourceVirtualEnvironmentVMNetworkDeviceBridge = "bridge"
|
mkResourceVirtualEnvironmentVMNetworkDeviceBridge = "bridge"
|
||||||
mkResourceVirtualEnvironmentVMNetworkDeviceEnabled = "enabled"
|
mkResourceVirtualEnvironmentVMNetworkDeviceEnabled = "enabled"
|
||||||
|
mkResourceVirtualEnvironmentVMNetworkDeviceFirewall = "firewall"
|
||||||
mkResourceVirtualEnvironmentVMNetworkDeviceMACAddress = "mac_address"
|
mkResourceVirtualEnvironmentVMNetworkDeviceMACAddress = "mac_address"
|
||||||
mkResourceVirtualEnvironmentVMNetworkDeviceModel = "model"
|
mkResourceVirtualEnvironmentVMNetworkDeviceModel = "model"
|
||||||
mkResourceVirtualEnvironmentVMNetworkDeviceRateLimit = "rate_limit"
|
mkResourceVirtualEnvironmentVMNetworkDeviceRateLimit = "rate_limit"
|
||||||
@ -982,6 +984,12 @@ func VM() *schema.Resource {
|
|||||||
Optional: true,
|
Optional: true,
|
||||||
Default: dvResourceVirtualEnvironmentVMNetworkDeviceEnabled,
|
Default: dvResourceVirtualEnvironmentVMNetworkDeviceEnabled,
|
||||||
},
|
},
|
||||||
|
mkResourceVirtualEnvironmentVMNetworkDeviceFirewall: {
|
||||||
|
Type: schema.TypeBool,
|
||||||
|
Description: "Whether this interface's firewall rules should be used",
|
||||||
|
Optional: true,
|
||||||
|
Default: dvResourceVirtualEnvironmentVMNetworkDeviceEnabled,
|
||||||
|
},
|
||||||
mkResourceVirtualEnvironmentVMNetworkDeviceMACAddress: {
|
mkResourceVirtualEnvironmentVMNetworkDeviceMACAddress: {
|
||||||
Type: schema.TypeString,
|
Type: schema.TypeString,
|
||||||
Description: "The MAC address",
|
Description: "The MAC address",
|
||||||
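Review bot: The new `firewall` attribute takes its default from the wrong constant: `Default: dvResourceVirtualEnvironmentVMNetworkDeviceEnabled,` resolves to `true`, while this commit adds `dvResourceVirtualEnvironmentVMNetworkDeviceFirewall = false` and the VM docs state the attribute defaults to `false`. As written, a VM network device that omits `firewall` is planned with the flag set to `true`, the constant added for this purpose is unused in the hunks shown, and VM and container resources behave differently for the same attribute. The line should read `Default: dvResourceVirtualEnvironmentVMNetworkDeviceFirewall,`. Whichever default is intended, the docs and the schema need to agree, because operators will rely on the documented value when deciding whether a NIC is filtered.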
@ -2602,16 +2610,18 @@ func vmGetNetworkDeviceObjects(d *schema.ResourceData) proxmox.CustomNetworkDevi
|
|||||||
for i, networkDeviceEntry := range networkDevice {
|
for i, networkDeviceEntry := range networkDevice {
|
||||||
block := networkDeviceEntry.(map[string]interface{})
|
block := networkDeviceEntry.(map[string]interface{})
|
||||||
|
|
||||||
bridge, _ := block[mkResourceVirtualEnvironmentVMNetworkDeviceBridge].(string)
|
bridge := block[mkResourceVirtualEnvironmentVMNetworkDeviceBridge].(string)
|
||||||
enabled, _ := block[mkResourceVirtualEnvironmentVMNetworkDeviceEnabled].(bool)
|
enabled := block[mkResourceVirtualEnvironmentVMNetworkDeviceEnabled].(bool)
|
||||||
macAddress, _ := block[mkResourceVirtualEnvironmentVMNetworkDeviceMACAddress].(string)
|
firewall := types.CustomBool(block[mkResourceVirtualEnvironmentVMNetworkDeviceFirewall].(bool))
|
||||||
model, _ := block[mkResourceVirtualEnvironmentVMNetworkDeviceModel].(string)
|
macAddress := block[mkResourceVirtualEnvironmentVMNetworkDeviceMACAddress].(string)
|
||||||
rateLimit, _ := block[mkResourceVirtualEnvironmentVMNetworkDeviceRateLimit].(float64)
|
model := block[mkResourceVirtualEnvironmentVMNetworkDeviceModel].(string)
|
||||||
vlanID, _ := block[mkResourceVirtualEnvironmentVMNetworkDeviceVLANID].(int)
|
rateLimit := block[mkResourceVirtualEnvironmentVMNetworkDeviceRateLimit].(float64)
|
||||||
mtu, _ := block[mkResourceVirtualEnvironmentVMNetworkDeviceMTU].(int)
|
vlanID := block[mkResourceVirtualEnvironmentVMNetworkDeviceVLANID].(int)
|
||||||
|
mtu := block[mkResourceVirtualEnvironmentVMNetworkDeviceMTU].(int)
|
||||||
|
|
||||||
device := proxmox.CustomNetworkDevice{
|
device := proxmox.CustomNetworkDevice{
|
||||||
Enabled: enabled,
|
Enabled: enabled,
|
||||||
|
Firewall: &firewall,
|
||||||
Model: model,
|
Model: model,
|
||||||
}
|
}
|
||||||
|
|
||||||
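Review bot: Dropping the comma-ok form turns every lookup in this loop into a panicking assertion, including the new `firewall := types.CustomBool(block[mkResourceVirtualEnvironmentVMNetworkDeviceFirewall].(bool))`. If a block entry ever lacks the key or holds a nil value, the provider process crashes instead of falling back to the zero value as the previous `x, _ := ...` lines did. Whether that can happen depends on how the SDK populates defaults for nested blocks, which is not visible here. If the panic is intended as a fail-fast, a short comment saying so would help; otherwise keep a checked form for the new field, e.g. `fw, _ := block[mkResourceVirtualEnvironmentVMNetworkDeviceFirewall].(bool)` followed by `firewall := types.CustomBool(fw)`. vmGetNetworkDeviceObjects starts and ends outside this hunk.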
@ -3478,6 +3488,12 @@ func vmReadCustom(
|
|||||||
|
|
||||||
networkDevice[mkResourceVirtualEnvironmentVMNetworkDeviceEnabled] = nd.Enabled
|
networkDevice[mkResourceVirtualEnvironmentVMNetworkDeviceEnabled] = nd.Enabled
|
||||||
|
|
||||||
|
if nd.Firewall != nil {
|
||||||
|
networkDevice[mkResourceVirtualEnvironmentVMNetworkDeviceFirewall] = *nd.Firewall
|
||||||
|
} else {
|
||||||
|
networkDevice[mkResourceVirtualEnvironmentVMNetworkDeviceFirewall] = false
|
||||||
|
}
|
||||||
|
|
||||||
if nd.MACAddress != nil {
|
if nd.MACAddress != nil {
|
||||||
macAddresses[ni] = *nd.MACAddress
|
macAddresses[ni] = *nd.MACAddress
|
||||||
} else {
|
} else {
|
||||||
|