github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/azurerm/resource_arm_network_security_rule.go (about) 1 package azurerm 2 3 import ( 4 "fmt" 5 "net/http" 6 7 "github.com/Azure/azure-sdk-for-go/arm/network" 8 "github.com/hashicorp/terraform/helper/schema" 9 ) 10 11 func resourceArmNetworkSecurityRule() *schema.Resource { 12 return &schema.Resource{ 13 Create: resourceArmNetworkSecurityRuleCreate, 14 Read: resourceArmNetworkSecurityRuleRead, 15 Update: resourceArmNetworkSecurityRuleCreate, 16 Delete: resourceArmNetworkSecurityRuleDelete, 17 Importer: &schema.ResourceImporter{ 18 State: schema.ImportStatePassthrough, 19 }, 20 21 Schema: map[string]*schema.Schema{ 22 "name": { 23 Type: schema.TypeString, 24 Required: true, 25 ForceNew: true, 26 }, 27 28 "resource_group_name": { 29 Type: schema.TypeString, 30 Required: true, 31 ForceNew: true, 32 }, 33 34 "network_security_group_name": { 35 Type: schema.TypeString, 36 Required: true, 37 }, 38 39 "description": { 40 Type: schema.TypeString, 41 Optional: true, 42 ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) { 43 value := v.(string) 44 if len(value) > 140 { 45 errors = append(errors, fmt.Errorf( 46 "The network security rule description can be no longer than 140 chars")) 47 } 48 return 49 }, 50 }, 51 52 "protocol": { 53 Type: schema.TypeString, 54 Required: true, 55 ValidateFunc: validateNetworkSecurityRuleProtocol, 56 }, 57 58 "source_port_range": { 59 Type: schema.TypeString, 60 Required: true, 61 }, 62 63 "destination_port_range": { 64 Type: schema.TypeString, 65 Required: true, 66 }, 67 68 "source_address_prefix": { 69 Type: schema.TypeString, 70 Required: true, 71 }, 72 73 "destination_address_prefix": { 74 Type: schema.TypeString, 75 Required: true, 76 }, 77 78 "access": { 79 Type: schema.TypeString, 80 Required: true, 81 ValidateFunc: validateNetworkSecurityRuleAccess, 82 }, 83 84 "priority": { 85 Type: schema.TypeInt, 86 Required: true, 87 ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) { 88 value := v.(int) 89 if value < 100 || value > 4096 { 90 errors = append(errors, fmt.Errorf( 91 "The `priority` can only be between 100 and 4096")) 92 } 93 return 94 }, 95 }, 96 97 "direction": { 98 Type: schema.TypeString, 99 Required: true, 100 ValidateFunc: validateNetworkSecurityRuleDirection, 101 }, 102 }, 103 } 104 } 105 106 func resourceArmNetworkSecurityRuleCreate(d *schema.ResourceData, meta interface{}) error { 107 client := meta.(*ArmClient) 108 secClient := client.secRuleClient 109 110 name := d.Get("name").(string) 111 nsgName := d.Get("network_security_group_name").(string) 112 resGroup := d.Get("resource_group_name").(string) 113 114 source_port_range := d.Get("source_port_range").(string) 115 destination_port_range := d.Get("destination_port_range").(string) 116 source_address_prefix := d.Get("source_address_prefix").(string) 117 destination_address_prefix := d.Get("destination_address_prefix").(string) 118 priority := int32(d.Get("priority").(int)) 119 access := d.Get("access").(string) 120 direction := d.Get("direction").(string) 121 protocol := d.Get("protocol").(string) 122 123 armMutexKV.Lock(nsgName) 124 defer armMutexKV.Unlock(nsgName) 125 126 properties := network.SecurityRulePropertiesFormat{ 127 SourcePortRange: &source_port_range, 128 DestinationPortRange: &destination_port_range, 129 SourceAddressPrefix: &source_address_prefix, 130 DestinationAddressPrefix: &destination_address_prefix, 131 Priority: &priority, 132 Access: network.SecurityRuleAccess(access), 133 Direction: network.SecurityRuleDirection(direction), 134 Protocol: network.SecurityRuleProtocol(protocol), 135 } 136 137 if v, ok := d.GetOk("description"); ok { 138 description := v.(string) 139 properties.Description = &description 140 } 141 142 sgr := network.SecurityRule{ 143 Name: &name, 144 SecurityRulePropertiesFormat: &properties, 145 } 146 147 _, err := secClient.CreateOrUpdate(resGroup, nsgName, name, sgr, make(chan struct{})) 148 if err != nil { 149 return err 150 } 151 152 read, err := secClient.Get(resGroup, nsgName, name) 153 if err != nil { 154 return err 155 } 156 if read.ID == nil { 157 return fmt.Errorf("Cannot read Security Group Rule %s/%s (resource group %s) ID", 158 nsgName, name, resGroup) 159 } 160 161 d.SetId(*read.ID) 162 163 return resourceArmNetworkSecurityRuleRead(d, meta) 164 } 165 166 func resourceArmNetworkSecurityRuleRead(d *schema.ResourceData, meta interface{}) error { 167 secRuleClient := meta.(*ArmClient).secRuleClient 168 169 id, err := parseAzureResourceID(d.Id()) 170 if err != nil { 171 return err 172 } 173 resGroup := id.ResourceGroup 174 networkSGName := id.Path["networkSecurityGroups"] 175 sgRuleName := id.Path["securityRules"] 176 177 resp, err := secRuleClient.Get(resGroup, networkSGName, sgRuleName) 178 if err != nil { 179 if resp.StatusCode == http.StatusNotFound { 180 d.SetId("") 181 return nil 182 } 183 return fmt.Errorf("Error making Read request on Azure Network Security Rule %s: %s", sgRuleName, err) 184 } 185 186 d.Set("resource_group_name", resGroup) 187 d.Set("access", resp.SecurityRulePropertiesFormat.Access) 188 d.Set("destination_address_prefix", resp.SecurityRulePropertiesFormat.DestinationAddressPrefix) 189 d.Set("destination_port_range", resp.SecurityRulePropertiesFormat.DestinationPortRange) 190 d.Set("direction", resp.SecurityRulePropertiesFormat.Direction) 191 d.Set("description", resp.SecurityRulePropertiesFormat.Description) 192 d.Set("name", resp.Name) 193 d.Set("priority", resp.SecurityRulePropertiesFormat.Priority) 194 d.Set("protocol", resp.SecurityRulePropertiesFormat.Protocol) 195 d.Set("source_address_prefix", resp.SecurityRulePropertiesFormat.SourceAddressPrefix) 196 d.Set("source_port_range", resp.SecurityRulePropertiesFormat.SourcePortRange) 197 198 return nil 199 } 200 201 func resourceArmNetworkSecurityRuleDelete(d *schema.ResourceData, meta interface{}) error { 202 client := meta.(*ArmClient) 203 secRuleClient := client.secRuleClient 204 205 id, err := parseAzureResourceID(d.Id()) 206 if err != nil { 207 return err 208 } 209 resGroup := id.ResourceGroup 210 nsgName := id.Path["networkSecurityGroups"] 211 sgRuleName := id.Path["securityRules"] 212 213 armMutexKV.Lock(nsgName) 214 defer armMutexKV.Unlock(nsgName) 215 216 _, err = secRuleClient.Delete(resGroup, nsgName, sgRuleName, make(chan struct{})) 217 218 return err 219 }