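// Source: github.com/andresvia/terraform@v0.6.15-0.20160412045437-d51c75946785/builtin/providers/openstack/resource_openstack_fw_policy_v1.go

package openstack

import (
	"fmt"
	"log"
	"time"

	"github.com/hashicorp/terraform/helper/schema"
	"github.com/rackspace/gophercloud"
	"github.com/rackspace/gophercloud/openstack/networking/v2/extensions/fwaas/policies"
)

// resourceFWPolicyV1 returns the Terraform resource definition for an
// OpenStack FWaaS v1 firewall policy: its CRUD callbacks and its schema.
func resourceFWPolicyV1() *schema.Resource {
	return &schema.Resource{
		Create: resourceFWPolicyV1Create,
		Read:   resourceFWPolicyV1Read,
		Update: resourceFWPolicyV1Update,
		Delete: resourceFWPolicyV1Delete,

		Schema: map[string]*schema.Schema{
			// Falls back to OS_REGION_NAME; changing it replaces the resource.
			"region": &schema.Schema{
				Type:        schema.TypeString,
				Required:    true,
				ForceNew:    true,
				DefaultFunc: schema.EnvDefaultFunc("OS_REGION_NAME", ""),
			},
			"name": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
			},
			"description": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
			},
			"audited": &schema.Schema{
				Type:     schema.TypeBool,
				Optional: true,
				Default:  false,
			},
			// NOTE(review): presumably controls whether other tenants can
			// use the policy; confirm against the FWaaS API. Defaults to
			// false, so a policy is not shared unless configured to be.
			"shared": &schema.Schema{
				Type:     schema.TypeBool,
				Optional: true,
				Default:  false,
			},
			"tenant_id": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
				ForceNew: true,
				Computed: true,
			},
			// NOTE(review): a schema.TypeSet does not keep the order in
			// which rules are written in configuration; the slice sent to
			// the API follows Set.List() order. If the backend evaluates a
			// policy's rules in list order, the effective precedence is not
			// what the operator wrote. Confirm, and consider an ordered
			// type together with a state migration.
			"rules": &schema.Schema{
				Type:     schema.TypeSet,
				Optional: true,
				Elem:     &schema.Schema{Type: schema.TypeString},
				Set:      schema.HashString,
			},
		},
	}
}

// fwPolicyV1RulesFromSet converts the "rules" set into the []string that the
// policies request options expect, logging the set and its size at DEBUG.
// The result is non-nil even for an empty set.
func fwPolicyV1RulesFromSet(v *schema.Set) []string {
	log.Printf("[DEBUG] Rules found : %#v", v)
	log.Printf("[DEBUG] Rules count : %d", v.Len())

	rules := make([]string, v.Len())
	for i, r := range v.List() {
		rules[i] = r.(string)
	}
	return rules
}

// resourceFWPolicyV1Create creates the firewall policy from the resource
// data, stores the returned ID, and then refreshes state through
// resourceFWPolicyV1Read.
func resourceFWPolicyV1Create(d *schema.ResourceData, meta interface{}) error {
	config := meta.(*Config)
	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
	if err != nil {
		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
	}

	rules := fwPolicyV1RulesFromSet(d.Get("rules").(*schema.Set))

	// CreateOpts takes pointers for the two flags, so copy them to locals.
	audited := d.Get("audited").(bool)
	shared := d.Get("shared").(bool)

	opts := policies.CreateOpts{
		Name:        d.Get("name").(string),
		Description: d.Get("description").(string),
		Audited:     &audited,
		Shared:      &shared,
		TenantID:    d.Get("tenant_id").(string),
		Rules:       rules,
	}

	log.Printf("[DEBUG] Create firewall policy: %#v", opts)

	policy, err := policies.Create(networkingClient, opts).Extract()
	if err != nil {
		return err
	}

	log.Printf("[DEBUG] Firewall policy created: %#v", policy)

	d.SetId(policy.ID)

	return resourceFWPolicyV1Read(d, meta)
}

// resourceFWPolicyV1Read fetches the policy by ID and copies its attributes
// into state. A failed lookup is handed to CheckDeleted (defined elsewhere in
// this package).
func resourceFWPolicyV1Read(d *schema.ResourceData, meta interface{}) error {
	log.Printf("[DEBUG] Retrieve information about firewall policy: %s", d.Id())

	config := meta.(*Config)
	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
	if err != nil {
		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
	}

	policy, err := policies.Get(networkingClient, d.Id()).Extract()
	if err != nil {
		return CheckDeleted(d, err, "FW policy")
	}

	d.Set("name", policy.Name)
	d.Set("description", policy.Description)
	d.Set("shared", policy.Shared)
	d.Set("audited", policy.Audited)
	d.Set("tenant_id", policy.TenantID)

	// Refresh the rule membership as well. Without this, rules attached to
	// or detached from the policy outside Terraform never show up as a diff,
	// and the configured rule set is silently no longer the enforced one.
	if err := d.Set("rules", policy.Rules); err != nil {
		return fmt.Errorf("Error setting rules for firewall policy %s: %s", d.Id(), err)
	}

	return nil
}

// resourceFWPolicyV1Update sends the attributes that changed to the API and
// then refreshes state through resourceFWPolicyV1Read.
func resourceFWPolicyV1Update(d *schema.ResourceData, meta interface{}) error {
	config := meta.(*Config)
	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
	if err != nil {
		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
	}

	opts := policies.UpdateOpts{}

	if d.HasChange("name") {
		opts.Name = d.Get("name").(string)
	}

	if d.HasChange("description") {
		opts.Description = d.Get("description").(string)
	}

	// audited and shared are not ForceNew in the schema, so a change to
	// either arrives here. Forward it; otherwise, for example, switching
	// shared off in configuration would leave the policy shared.
	if d.HasChange("audited") {
		audited := d.Get("audited").(bool)
		opts.Audited = &audited
	}

	if d.HasChange("shared") {
		shared := d.Get("shared").(bool)
		opts.Shared = &shared
	}

	if d.HasChange("rules") {
		opts.Rules = fwPolicyV1RulesFromSet(d.Get("rules").(*schema.Set))
	}

	log.Printf("[DEBUG] Updating firewall policy with id %s: %#v", d.Id(), opts)

	err = policies.Update(networkingClient, d.Id(), opts).Err
	if err != nil {
		return err
	}

	return resourceFWPolicyV1Read(d, meta)
}

// resourceFWPolicyV1Delete deletes the policy, retrying while the API answers
// HTTP 409. Any other error is returned immediately. If every attempt ends in
// 409, the last error is returned.
func resourceFWPolicyV1Delete(d *schema.ResourceData, meta interface{}) error {
	log.Printf("[DEBUG] Destroy firewall policy: %s", d.Id())

	config := meta.(*Config)
	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
	if err != nil {
		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
	}

	const (
		maxAttempts = 15
		retryDelay  = 2 * time.Second
	)

	for i := 0; i < maxAttempts; i++ {
		err = policies.Delete(networkingClient, d.Id()).Err
		if err == nil {
			break
		}

		httpError, ok := err.(*gophercloud.UnexpectedResponseCodeError)
		if !ok || httpError.Actual != 409 {
			return err
		}

		// This error usually means that the policy is attached
		// to a firewall. At this point, the firewall is probably
		// being deleted. So, we retry a few times.
		time.Sleep(retryDelay)
	}

	return err
}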