github.com/bendemaree/terraform@v0.5.4-0.20150613200311-f50d97d6eee6/builtin/providers/azure/resource_azure_security_group_rule.go (about) 1 package azure 2 3 import ( 4 "fmt" 5 "log" 6 7 "github.com/Azure/azure-sdk-for-go/management" 8 netsecgroup "github.com/Azure/azure-sdk-for-go/management/networksecuritygroup" 9 "github.com/hashicorp/terraform/helper/schema" 10 ) 11 12 // resourceAzureSecurityGroupRule returns the *schema.Resource for 13 // a network security group rule on Azure. 14 func resourceAzureSecurityGroupRule() *schema.Resource { 15 return &schema.Resource{ 16 Create: resourceAzureSecurityGroupRuleCreate, 17 Read: resourceAzureSecurityGroupRuleRead, 18 Update: resourceAzureSecurityGroupRuleUpdate, 19 Exists: resourceAzureSecurityGroupRuleExists, 20 Delete: resourceAzureSecurityGroupRuleDelete, 21 22 Schema: map[string]*schema.Schema{ 23 "name": &schema.Schema{ 24 Type: schema.TypeString, 25 Required: true, 26 ForceNew: true, 27 Description: parameterDescriptions["name"], 28 }, 29 "security_group_name": &schema.Schema{ 30 Type: schema.TypeString, 31 Required: true, 32 ForceNew: true, 33 Description: parameterDescriptions["netsecgroup_secgroup_name"], 34 }, 35 "type": &schema.Schema{ 36 Type: schema.TypeString, 37 Required: true, 38 Description: parameterDescriptions["netsecgroup_type"], 39 }, 40 "priority": &schema.Schema{ 41 Type: schema.TypeInt, 42 Required: true, 43 Description: parameterDescriptions["netsecgroup_priority"], 44 }, 45 "action": &schema.Schema{ 46 Type: schema.TypeString, 47 Required: true, 48 Description: parameterDescriptions["netsecgroup_action"], 49 }, 50 "source_address_prefix": &schema.Schema{ 51 Type: schema.TypeString, 52 Required: true, 53 Description: parameterDescriptions["netsecgroup_src_addr_prefix"], 54 }, 55 "source_port_range": &schema.Schema{ 56 Type: schema.TypeString, 57 Required: true, 58 Description: parameterDescriptions["netsecgroup_src_port_range"], 59 }, 60 "destination_address_prefix": &schema.Schema{ 61 Type: schema.TypeString, 62 Required: true, 63 Description: parameterDescriptions["netsecgroup_dest_addr_prefix"], 64 }, 65 "destination_port_range": &schema.Schema{ 66 Type: schema.TypeString, 67 Required: true, 68 Description: parameterDescriptions["netsecgroup_dest_port_range"], 69 }, 70 "protocol": &schema.Schema{ 71 Type: schema.TypeString, 72 Required: true, 73 Description: parameterDescriptions["netsecgroup_protocol"], 74 }, 75 }, 76 } 77 } 78 79 // resourceAzureSecurityGroupRuleCreate does all the necessary API calls to 80 // create a new network security group rule on Azure. 81 func resourceAzureSecurityGroupRuleCreate(d *schema.ResourceData, meta interface{}) error { 82 azureClient := meta.(*Client) 83 mgmtClient := azureClient.mgmtClient 84 netSecClient := netsecgroup.NewClient(mgmtClient) 85 86 // create and configure the RuleResponse: 87 name := d.Get("name").(string) 88 rule := netsecgroup.RuleRequest{ 89 Name: name, 90 Type: netsecgroup.RuleType(d.Get("type").(string)), 91 Priority: d.Get("priority").(int), 92 Action: netsecgroup.RuleAction(d.Get("action").(string)), 93 SourceAddressPrefix: d.Get("source_address_prefix").(string), 94 SourcePortRange: d.Get("source_port_range").(string), 95 DestinationAddressPrefix: d.Get("destination_address_prefix").(string), 96 DestinationPortRange: d.Get("destination_port_range").(string), 97 Protocol: netsecgroup.RuleProtocol(d.Get("protocol").(string)), 98 } 99 100 // send the create request to Azure: 101 log.Println("[INFO] Sending network security group rule creation request to Azure.") 102 reqID, err := netSecClient.SetNetworkSecurityGroupRule( 103 d.Get("security_group_name").(string), 104 rule, 105 ) 106 if err != nil { 107 return fmt.Errorf("Error sending network security group rule creation request to Azure: %s", err) 108 } 109 err = mgmtClient.WaitForOperation(reqID, nil) 110 if err != nil { 111 return fmt.Errorf("Error creating network security group rule on Azure: %s", err) 112 } 113 114 d.SetId(name) 115 return nil 116 } 117 118 // resourceAzureSecurityGroupRuleRead does all the necessary API calls to 119 // read the state of a network security group ruke off Azure. 120 func resourceAzureSecurityGroupRuleRead(d *schema.ResourceData, meta interface{}) error { 121 azureClient := meta.(*Client) 122 mgmtClient := azureClient.mgmtClient 123 netSecClient := netsecgroup.NewClient(mgmtClient) 124 125 secGroupName := d.Get("security_group_name").(string) 126 127 // get info on the network security group and check its rules for this one: 128 log.Println("[INFO] Sending network security group rule query to Azure.") 129 secgroup, err := netSecClient.GetNetworkSecurityGroup(secGroupName) 130 if err != nil { 131 if !management.IsResourceNotFoundError(err) { 132 return fmt.Errorf("Error issuing network security group rules query: %s", err) 133 } else { 134 // it meants that the network security group this rule belonged to has 135 // been deleted; so we must remove this resource from the schema: 136 d.SetId("") 137 return nil 138 } 139 } 140 141 // find our security rule: 142 var found bool 143 name := d.Get("name").(string) 144 for _, rule := range secgroup.Rules { 145 if rule.Name == name { 146 found = true 147 log.Println("[DEBUG] Reading state of Azure network security group rule.") 148 149 d.Set("type", rule.Type) 150 d.Set("priority", rule.Priority) 151 d.Set("action", rule.Action) 152 d.Set("source_address_prefix", rule.SourceAddressPrefix) 153 d.Set("source_port_range", rule.SourcePortRange) 154 d.Set("destination_address_prefix", rule.DestinationAddressPrefix) 155 d.Set("destination_port_range", rule.DestinationPortRange) 156 d.Set("protocol", rule.Protocol) 157 158 break 159 } 160 } 161 162 // check if the rule still exists, and is not, remove the resource: 163 if !found { 164 d.SetId("") 165 } 166 return nil 167 } 168 169 // resourceAzureSecurityGroupRuleUpdate does all the necessary API calls to 170 // update the state of a network security group ruke off Azure. 171 func resourceAzureSecurityGroupRuleUpdate(d *schema.ResourceData, meta interface{}) error { 172 azureClient := meta.(*Client) 173 mgmtClient := azureClient.mgmtClient 174 netSecClient := netsecgroup.NewClient(mgmtClient) 175 176 secGroupName := d.Get("security_group_name").(string) 177 178 // get info on the network security group and check its rules for this one: 179 log.Println("[INFO] Sending network security group rule query for update to Azure.") 180 secgroup, err := netSecClient.GetNetworkSecurityGroup(secGroupName) 181 if err != nil { 182 if !management.IsResourceNotFoundError(err) { 183 return fmt.Errorf("Error issuing network security group rules query: %s", err) 184 } else { 185 // it meants that the network security group this rule belonged to has 186 // been deleted; so we must remove this resource from the schema: 187 d.SetId("") 188 return nil 189 } 190 } 191 192 // try and find our security group rule: 193 var found bool 194 name := d.Get("name").(string) 195 for _, rule := range secgroup.Rules { 196 if rule.Name == name { 197 found = true 198 } 199 } 200 // check is the resource has not been deleted in the meantime: 201 if !found { 202 // if not; remove the resource: 203 d.SetId("") 204 return nil 205 } 206 207 // else, start building up the rule request struct: 208 newRule := netsecgroup.RuleRequest{ 209 Name: d.Get("name").(string), 210 Type: netsecgroup.RuleType(d.Get("type").(string)), 211 Priority: d.Get("priority").(int), 212 Action: netsecgroup.RuleAction(d.Get("action").(string)), 213 SourceAddressPrefix: d.Get("source_address_prefix").(string), 214 SourcePortRange: d.Get("source_port_range").(string), 215 DestinationAddressPrefix: d.Get("destination_address_prefix").(string), 216 DestinationPortRange: d.Get("destination_port_range").(string), 217 Protocol: netsecgroup.RuleProtocol(d.Get("protocol").(string)), 218 } 219 220 // send the create request to Azure: 221 log.Println("[INFO] Sending network security group rule update request to Azure.") 222 reqID, err := netSecClient.SetNetworkSecurityGroupRule( 223 secGroupName, 224 newRule, 225 ) 226 if err != nil { 227 return fmt.Errorf("Error sending network security group rule update request to Azure: %s", err) 228 } 229 err = mgmtClient.WaitForOperation(reqID, nil) 230 if err != nil { 231 return fmt.Errorf("Error updating network security group rule on Azure: %s", err) 232 } 233 234 return nil 235 } 236 237 // resourceAzureSecurityGroupRuleExists does all the necessary API calls to 238 // check for the existence of the network security group rule on Azure. 239 func resourceAzureSecurityGroupRuleExists(d *schema.ResourceData, meta interface{}) (bool, error) { 240 azureClient := meta.(*Client) 241 mgmtClient := azureClient.mgmtClient 242 netSecClient := netsecgroup.NewClient(mgmtClient) 243 244 secGroupName := d.Get("security_group_name").(string) 245 246 // get info on the network security group and search for our rule: 247 log.Println("[INFO] Sending network security group rule query for existence check to Azure.") 248 secgroup, err := netSecClient.GetNetworkSecurityGroup(secGroupName) 249 if err != nil { 250 if !management.IsResourceNotFoundError(err) { 251 return false, fmt.Errorf("Error issuing network security group rules query: %s", err) 252 } else { 253 // it meants that the network security group this rule belonged to has 254 // been deleted; so we must remove this resource from the schema: 255 d.SetId("") 256 return false, nil 257 } 258 } 259 260 // try and find our security group rule: 261 name := d.Get("name").(string) 262 for _, rule := range secgroup.Rules { 263 if rule.Name == name { 264 return true, nil 265 } 266 } 267 268 // if here; it means the resource has been deleted in the 269 // meantime and must be removed from the schema: 270 d.SetId("") 271 272 return false, nil 273 } 274 275 // resourceAzureSecurityGroupRuleDelete does all the necessary API calls to 276 // delete a network security group rule off Azure. 277 func resourceAzureSecurityGroupRuleDelete(d *schema.ResourceData, meta interface{}) error { 278 azureClient := meta.(*Client) 279 mgmtClient := azureClient.mgmtClient 280 netSecClient := netsecgroup.NewClient(mgmtClient) 281 282 secGroupName := d.Get("security_group_name").(string) 283 284 // get info on the network security group and search for our rule: 285 log.Println("[INFO] Sending network security group rule query for deletion to Azure.") 286 secgroup, err := netSecClient.GetNetworkSecurityGroup(secGroupName) 287 if err != nil { 288 if management.IsResourceNotFoundError(err) { 289 // it meants that the network security group this rule belonged to has 290 // been deleted; so we need do nothing more but stop tracking the resource: 291 d.SetId("") 292 return nil 293 } else { 294 return fmt.Errorf("Error issuing network security group rules query: %s", err) 295 } 296 } 297 298 // check is the resource has not been deleted in the meantime: 299 name := d.Get("name").(string) 300 for _, rule := range secgroup.Rules { 301 if rule.Name == name { 302 // if not; we shall issue the delete: 303 reqID, err := netSecClient.DeleteNetworkSecurityGroupRule(secGroupName, name) 304 if err != nil { 305 return fmt.Errorf("Error sending network security group rule delete request to Azure: %s", err) 306 } 307 err = mgmtClient.WaitForOperation(reqID, nil) 308 if err != nil { 309 return fmt.Errorf("Error deleting network security group rule off Azure: %s", err) 310 } 311 } 312 } 313 314 return nil 315 }