feat(azure/stateful_node): Added security block in `launch_specific…

…ation` (spotinst#452)

CHANGELOG.md

@@ -1,5 +1,11 @@
 ## Unreleased
 
+## 1.131.0 (August 01, 2023)
+ENHANCEMENTS:
+* resource/spotinst_stateful_node_azure: Added `security` block in `launch_specification` object
+  NOTES:
+* documentation: Added `delete` usage to the `spotinst_stateful_node_azure` documentation
+
 ## 1.130.0 (July 27, 2023)
 BUG FIXES:
 * resource/spotinst_elastigroup_gcp: Fix for allowing `named_ports` to be configured when `location_type` is regional

docs/resources/ocean_aws.md

@@ -105,7 +105,7 @@ resource "spotinst_ocean_aws" "example" {
   fallback_to_ondemand       = true
   draining_timeout           = 120
   utilize_reserved_instances = false
-  grace_period               = 600
+  grace_period               = 300
   spot_percentage            = 100
   utilize_commitments        = false
   spread_nodes_by            = "count"
@@ -211,7 +211,7 @@ The following arguments are supported:
 * `fallback_to_ondemand` - (Optional, Default: `true`) If not Spot instance markets are available, enable Ocean to launch On-Demand instances instead.
 * `utilize_reserved_instances` - (Optional, Default `true`) If Reserved instances exist, Ocean will utilize them before launching Spot instances.
 * `draining_timeout` - (Optional) The time in seconds, the instance is allowed to run while detached from the ELB. This is to allow the instance time to be drained from incoming TCP connections before terminating it, during a scale down operation.
-* `grace_period` - (Optional, Default: 600) The amount of time, in seconds, after the instance has launched to start checking its health.
+* `grace_period` - (Optional, Default: 300) The amount of time, in seconds, after the instance has launched to start checking its health.
 * `spot_percentage` - (Optional) The desired percentage of Spot instances out of all running instances. Only available when the field is not set in any VNG directly (launchSpec.strategy.spotPercentage).
 * `utilize_commitments` - (Optional, Default false) If savings plans exist, Ocean will utilize them before launching Spot instances.
 * `spread_nodes_by` - (Optional, Default: `count`) Ocean will spread the nodes across markets by this value. Possible values: `vcpu` or `count`.

docs/resources/stateful_node_azure.md

@@ -166,6 +166,15 @@ resource "spotinst_stateful_node_azure" "test_stateful_node_azure" {
   }
   // -------------------------------------------------------------------
   
+  // --- Security ------------------------------------------------------
+
+  security {
+    security_type = "Standard"
+    secure_boot_enabled = false
+    vtpm_enabled = false
+  }
+  // -------------------------------------------------------------------
+  
   // --- TAGS ----------------------------------------------------------
   tag {
     tag_key   = "Creator"
@@ -223,6 +232,20 @@ resource "spotinst_stateful_node_azure" "test_stateful_node_azure" {
   }
 }
   // -------------------------------------------------------------------
+  
+  // ---DELETE----------------------------------------------------------
+  delete {
+    should_terminate_vm = true
+    network_should_deallocate = true
+    network_ttl_in_hours = 0
+    disk_should_deallocate = true
+    disk_ttl_in_hours = 0
+    snapshot_should_deallocate = true
+    snapshot_ttl_in_hours = 0
+    public_ip_should_deallocate = true
+    public_ip_ttl_in_hours = 0
+  }
+  // -------------------------------------------------------------------
 
 ```
 
@@ -380,6 +403,14 @@ The following arguments are supported:
       * This field is required only when using Windows OS type
       * This field must be ‘null’ when the OS type is Linux
 
+<a id="secutiry"></a>
+## Security
+
+* `security` - (Optional) Specifies the Security related profile settings for the virtual machine.
+    * `secure_boot_enabled` - (Optional) Specifies whether secure boot should be enabled on the virtual machine.
+    * `security_type` - (Optional) Enum: `"Standard", "TrustedLaunch"` Security type refers to the different security features of a virtual machine. Security features like Trusted launch virtual machines help to improve the security of Azure generation 2 virtual machines.
+    * `vtpm_enabled` - (Optional) Specifies whether vTPM should be enabled on the virtual machine.
+
 
 <a id="tag"></a>
 ## Tag
@@ -458,5 +489,19 @@ The following arguments are supported:
   * `draining_timeout` - (Optional) Hours to keep resources alive.
   * `resources_retention_time` - (Optional) Hours to keep resources alive.
 
+<a id="delete"></a>
+## Deallocation Config
+
+* `delete` - (Required) Specify deallocation parameters for stateful node deletion.
+    * `should_terminate_vm` - (Required) Indicates whether to delete the stateful node's VM.
+    * `network_should_deallocate` - (Required) Indicates whether to delete the stateful node's network resources.
+    * `network_ttl_in_hours` - (Optional, Default: 96) Hours to keep the network resource alive before deletion.
+    * `disk_should_deallocate` - (Required) Indicates whether to delete the stateful node's disk resources.
+    * `disk_ttl_in_hours` - (Optional, Default: 96) Hours to keep the disk resource alive before deletion.
+    * `snapshot_should_deallocate` - (Required) Indicates whether to delete the stateful node's snapshot resources.
+    * `snapshot_ttl_in_hours` - (Optional, Default: 96) Hours to keep the snapshots alive before deletion.
+    * `public_ip_should_deallocate` - (Required) Indicates whether to delete the stateful node's public ip resources.
+    * `public_ip_ttl_in_hours` - (Optional, Default: 96) Hours to keep the public ip alive before deletion.
+
 
 

go.mod

@@ -11,6 +11,6 @@ require (
 	github.com/hashicorp/go-version v1.6.0
 	github.com/hashicorp/terraform-plugin-docs v0.5.1
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.5.0
-	github.com/spotinst/spotinst-sdk-go v1.168.0
+	github.com/spotinst/spotinst-sdk-go v1.169.0
 	golang.org/x/lint v0.0.0-20200302205851-738671d3881b
 )

go.sum

@@ -352,8 +352,8 @@ github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMB
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
 github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spotinst/spotinst-sdk-go v1.168.0 h1:9BZBb+rXWoroT7mCXN+fGKpFDN69oBDD0IPdUA+Bfzo=
-github.com/spotinst/spotinst-sdk-go v1.168.0/go.mod h1:Ku9c4p+kRWnQqmXkzGcTMHLcQKgLHrQZISxeKY7mPqE=
+github.com/spotinst/spotinst-sdk-go v1.169.0 h1:6GM/3eNsgJ4wKbJMlkrvlyDR6SZRP/yX/TkBFf3rBWc=
+github.com/spotinst/spotinst-sdk-go v1.169.0/go.mod h1:Ku9c4p+kRWnQqmXkzGcTMHLcQKgLHrQZISxeKY7mPqE=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=

spotinst/azure_v3/stateful_node_azure_launch_spec/consts.go

@@ -46,3 +46,11 @@ const (
 	BootDiagnosticsStorageURL commons.FieldName = "storage_url"
 	BootDiagnosticsType       commons.FieldName = "type"
 )
+
+// Security
+const (
+	Security          commons.FieldName = "security"
+	SecureBootEnabled commons.FieldName = "secure_boot_enabled"
+	SecurityType      commons.FieldName = "security_type"
+	VTpmEnabled       commons.FieldName = "vtpm_enabled"
+)

spotinst/azure_v3/stateful_node_azure_launch_spec/fields_spotinst_stateful_node_azure_launch_spec.go

@@ -532,6 +532,78 @@ func Setup(fieldsMap map[commons.FieldName]*commons.GenericField) {
 		},
 		nil,
 	)
+
+	fieldsMap[Security] = commons.NewGenericField(
+		commons.StatefulNodeAzureLaunchSpecification,
+		Security,
+		&schema.Schema{
+			Type:     schema.TypeList,
+			Optional: true,
+			MaxItems: 1,
+			Elem: &schema.Resource{
+				Schema: map[string]*schema.Schema{
+					string(SecureBootEnabled): {
+						Type:     schema.TypeBool,
+						Optional: true,
+					},
+					string(SecurityType): {
+						Type:     schema.TypeString,
+						Optional: true,
+					},
+					string(VTpmEnabled): {
+						Type:     schema.TypeBool,
+						Optional: true,
+					},
+				},
+			},
+		},
+		func(resourceObject interface{}, resourceData *schema.ResourceData, meta interface{}) error {
+			stWrapper := resourceObject.(*commons.StatefulNodeAzureV3Wrapper)
+			st := stWrapper.GetStatefulNode()
+			var value interface{} = nil
+
+			if st.Compute != nil && st.Compute.LaunchSpecification != nil &&
+				st.Compute.LaunchSpecification.Security != nil {
+				value = flattenSecurity(st.Compute.LaunchSpecification.Security)
+			}
+			if err := resourceData.Set(string(Security), value); err != nil {
+				return fmt.Errorf(string(commons.FailureFieldReadPattern), string(Security), err)
+			}
+			return nil
+		},
+		func(resourceObject interface{}, resourceData *schema.ResourceData, meta interface{}) error {
+			stWrapper := resourceObject.(*commons.StatefulNodeAzureV3Wrapper)
+			st := stWrapper.GetStatefulNode()
+			var value *azure.Security = nil
+
+			if v, ok := resourceData.GetOk(string(Security)); ok {
+				if security, err := expandSecurity(v); err != nil {
+					return err
+				} else {
+					value = security
+				}
+			}
+			st.Compute.LaunchSpecification.SetSecurity(value)
+
+			return nil
+		},
+		func(resourceObject interface{}, resourceData *schema.ResourceData, meta interface{}) error {
+			stWrapper := resourceObject.(*commons.StatefulNodeAzureV3Wrapper)
+			st := stWrapper.GetStatefulNode()
+			var value *azure.Security = nil
+
+			if v, ok := resourceData.GetOk(string(Security)); ok {
+				if security, err := expandSecurity(v); err != nil {
+					return err
+				} else {
+					value = security
+				}
+			}
+			st.Compute.LaunchSpecification.SetSecurity(value)
+			return nil
+		},
+		nil,
+	)
 }
 
 func expandTags(data interface{}) ([]*azure.Tag, error) {
@@ -715,6 +787,43 @@ func expandBootDiagnostics(data interface{}) (*azure.BootDiagnostics, error) {
 	return nil, nil
 }
 
+func flattenSecurity(secure *azure.Security) interface{} {
+	security := make(map[string]interface{})
+
+	security[string(SecureBootEnabled)] = spotinst.BoolValue(secure.SecureBootEnabled)
+	security[string(SecurityType)] = spotinst.StringValue(secure.SecurityType)
+	security[string(VTpmEnabled)] = spotinst.BoolValue(secure.VTpmEnabled)
+
+	return []interface{}{security}
+}
+
+func expandSecurity(data interface{}) (*azure.Security, error) {
+	if list := data.([]interface{}); len(list) > 0 {
+		security := &azure.Security{}
+
+		if list[0] != nil {
+			m := list[0].(map[string]interface{})
+
+			if v, ok := m[string(SecureBootEnabled)].(bool); ok {
+				security.SetSecureBootEnabled(spotinst.Bool(v))
+			}
+
+			if v, ok := m[string(SecurityType)].(string); ok && v != "" {
+				security.SetSecurityType(spotinst.String(v))
+			}
+
+			if v, ok := m[string(VTpmEnabled)].(bool); ok {
+				security.SetVTpmEnabled(spotinst.Bool(v))
+			}
+
+		}
+
+		return security, nil
+	}
+
+	return nil, nil
+}
+
 func base64Encode(data string) string {
 	// Check whether the data is already Base64 encoded; don't double-encode
 	if isBase64Encoded(data) {

spotinst/azure_v3/stateful_node_azure_load_balancer/fields_spotinst_stateful_node_azure_load balancer.go

@@ -167,7 +167,7 @@ func expandLoadBalancers(data interface{}, loadBalancers []*azure.LoadBalancer)
 				if backendPoolNames, err := expandBackendPoolNames(v); err != nil {
 					return nil, err
 				} else {
-					loadBalancer.SeBackendPoolNames(backendPoolNames)
+					loadBalancer.SetBackendPoolNames(backendPoolNames)
 				}
 			}