Merge branch 'feat/add-waf' of github.com:yfodil/terraform-provider-scaleway into feat/add-waf

Author: yfodil

docs/resources/tem_domain.md

@@ -113,6 +113,7 @@ The following arguments are supported:
   ~> **Important:** This attribute must be set to `true`.
 
 - `region` - (Defaults to [provider](../index.md#region) `region`). The [region](../guides/regions_and_zones.md#regions) in which the domain should be created.
+  ~> **Important:** Currently, only fr-par is supported. Specifying any other region will cause an error.
 
 - `project_id` - (Defaults to [provider](../index.md#project_id) `project_id`) The ID of the project the domain is associated with.
 

docs/resources/vpc_acl.md

@@ -0,0 +1,70 @@
+---
+subcategory: "VPC"
+page_title: "Scaleway: scaleway_vpc_acl"
+---
+
+# Resource: scaleway_vpc_acl
+
+Creates and manages Scaleway VPC ACLs.
+
+## Example Usage
+
+### Basic
+
+```terraform
+resource "scaleway_vpc" "vpc01" {
+  name = "tf-vpc-acl"
+}
+
+resource "scaleway_vpc_acl" "acl01" {
+  vpc_id   = scaleway_vpc.vpc01.id
+  is_ipv6  = false
+  rules {
+    protocol      = "TCP"
+    src_port_low  = 0
+    src_port_high = 0
+    dst_port_low  = 80
+    dst_port_high = 80
+    source        = "0.0.0.0/0"
+    destination   = "0.0.0.0/0"
+    description   = "Allow HTTP traffic from any source"
+    action        = "accept"
+  }
+  default_policy = "drop"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+- `vpc_id` - (Required) The VPC ID the ACL belongs to.
+- `default_policy` - (Required) The action to take for packets which do not match any rules.
+- `is_ipv6` - (Optional) Defines whether this set of ACL rules is for IPv6 (false = IPv4). Each Network ACL can have rules for only one IP type.
+- `rules` - (Optional) The list of Network ACL rules.
+    - `protocol` - (Optional) The protocol to which this rule applies. Default value: ANY.
+    - `source` - (Optional) The Source IP range to which this rule applies (CIDR notation with subnet mask).
+    - `src_port_low` - (Optional) The starting port of the source port range to which this rule applies (inclusive).
+    - `src_port_high` - (Optional) The ending port of the source port range to which this rule applies (inclusive).
+    - `destination` - (Optional) The destination IP range to which this rule applies (CIDR notation with subnet mask).
+    - `dst_port_low` - (Optional) The starting port of the destination port range to which this rule applies (inclusive).
+    - `dst_port_high` - (Optional) The ending port of the destination port range to which this rule applies (inclusive).
+    - `action` - (Optional) The policy to apply to the packet.
+    - `description` - (Optional) The rule description.
+- `region` - (Defaults to [provider](../index.md#region) `region`) The [region](../guides/regions_and_zones.md#regions) of the ACL.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+- `id` - The ID of the ACL.
+
+~> **Important:** ACLs' IDs are [regional](../guides/regions_and_zones.md#resource-ids), which means they are of the form `{region}/{id}`, e.g. `fr-par/11111111-1111-1111-1111-111111111111
+
+## Import
+
+ACLs can be imported using `{region}/{id}`, e.g.
+
+```bash
+terraform import scaleway_vpc_acl.main fr-par/11111111-1111-1111-1111-111111111111
+```

internal/provider/provider.go

@@ -228,6 +228,7 @@ func Provider(config *Config) plugin.ProviderFunc {
 				"scaleway_tem_domain_validation":               tem.ResourceDomainValidation(),
 				"scaleway_tem_webhook":                         tem.ResourceWebhook(),
 				"scaleway_vpc":                                 vpc.ResourceVPC(),
+				"scaleway_vpc_acl":                             vpc.ResourceACL(),
 				"scaleway_vpc_gateway_network":                 vpcgw.ResourceNetwork(),
 				"scaleway_vpc_private_network":                 vpc.ResourcePrivateNetwork(),
 				"scaleway_vpc_public_gateway":                  vpcgw.ResourcePublicGateway(),

internal/services/tem/domain_validation.go

@@ -89,6 +89,16 @@ func ResourceDomainValidationCreate(ctx context.Context, d *schema.ResourceData,
 		return nil
 	})
 
+	domainCheck, _ := api.CheckDomain(&tem.CheckDomainRequest{
+		Region:   region,
+		DomainID: domain.ID,
+	})
+	if domainCheck == nil || domainCheck.Status == "pending" || domainCheck.Status == "unchecked" || domainCheck.Status == "autoconfiguring" {
+		d.SetId("")
+
+		return diag.Errorf("domain validation did not complete in %d seconds", duration)
+	}
+
 	return ResourceDomainValidationRead(ctx, d, meta)
 }
 

internal/services/tem/domain_validation_test.go

@@ -2,6 +2,7 @@ package tem_test
 
 import (
 	"fmt"
+	"regexp"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
@@ -10,11 +11,11 @@ import (
 
 const domainNameValidation = "scaleway-terraform.com"
 
-func TestAccDomainValidation_NoValidation(t *testing.T) {
+func TestAccDomainValidation_Validation(t *testing.T) {
 	tt := acctest.NewTestTools(t)
 	defer tt.Cleanup()
 
-	subDomainName := "validation-no-validation"
+	subDomainName := "validation-validation"
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:          func() { acctest.PreCheck(t) },
@@ -32,27 +33,28 @@ func TestAccDomainValidation_NoValidation(t *testing.T) {
 					resource scaleway_tem_domain cr01 {
 						name       = scaleway_domain_zone.test.id
 						accept_tos = true
+						autoconfig = true
 					}
 
 					resource scaleway_tem_domain_validation valid {
   						domain_id = scaleway_tem_domain.cr01.id
   						region = scaleway_tem_domain.cr01.region
-						timeout = 1
+						timeout = 3600
 					}
 				`, domainNameValidation, subDomainName),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr("scaleway_tem_domain_validation.valid", "validated", "false"),
+					resource.TestCheckResourceAttr("scaleway_tem_domain_validation.valid", "validated", "true"),
 				),
 			},
 		},
 	})
 }
 
-func TestAccDomainValidation_Validation(t *testing.T) {
+func TestAccDomainValidation_TimeoutError(t *testing.T) {
 	tt := acctest.NewTestTools(t)
 	defer tt.Cleanup()
 
-	subDomainName := "validation-validation"
+	subDomainName := "validation-timeout"
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:          func() { acctest.PreCheck(t) },
@@ -62,26 +64,23 @@ func TestAccDomainValidation_Validation(t *testing.T) {
 			{
 				Config: fmt.Sprintf(`
 
-					resource "scaleway_domain_zone" "test" {
-  						domain    = "%s"
-  						subdomain = "%s"
-					}
+                    resource "scaleway_domain_zone" "test" {
+                        domain    = "%s"
+                        subdomain = "%s"
+                    }
 
-					resource scaleway_tem_domain cr01 {
-						name       = scaleway_domain_zone.test.id
-						accept_tos = true
-						autoconfig = true
-					}
+                    resource scaleway_tem_domain cr01 {
+                        name       = scaleway_domain_zone.test.id
+                        accept_tos = true
+                    }
 
-					resource scaleway_tem_domain_validation valid {
-  						domain_id = scaleway_tem_domain.cr01.id
-  						region = scaleway_tem_domain.cr01.region
-						timeout = 3600
-					}
-				`, domainNameValidation, subDomainName),
-				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr("scaleway_tem_domain_validation.valid", "validated", "true"),
-				),
+                    resource scaleway_tem_domain_validation valid {
+                        domain_id = scaleway_tem_domain.cr01.id
+                        region    = scaleway_tem_domain.cr01.region
+                        timeout   = 1
+                    }
+                `, domainNameValidation, subDomainName),
+				ExpectError: regexp.MustCompile("(?i)domain validation did not complete"),
 			},
 		},
 	})