github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/openstack/resource_openstack_fw_rule_v1.go (about) 1 package openstack 2 3 import ( 4 "fmt" 5 "log" 6 7 "github.com/gophercloud/gophercloud" 8 "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/fwaas/policies" 9 "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/fwaas/rules" 10 "github.com/hashicorp/terraform/helper/schema" 11 ) 12 13 func resourceFWRuleV1() *schema.Resource { 14 return &schema.Resource{ 15 Create: resourceFWRuleV1Create, 16 Read: resourceFWRuleV1Read, 17 Update: resourceFWRuleV1Update, 18 Delete: resourceFWRuleV1Delete, 19 Importer: &schema.ResourceImporter{ 20 State: schema.ImportStatePassthrough, 21 }, 22 23 Schema: map[string]*schema.Schema{ 24 "region": &schema.Schema{ 25 Type: schema.TypeString, 26 Required: true, 27 ForceNew: true, 28 DefaultFunc: schema.EnvDefaultFunc("OS_REGION_NAME", ""), 29 }, 30 "name": &schema.Schema{ 31 Type: schema.TypeString, 32 Optional: true, 33 }, 34 "description": &schema.Schema{ 35 Type: schema.TypeString, 36 Optional: true, 37 }, 38 "protocol": &schema.Schema{ 39 Type: schema.TypeString, 40 Required: true, 41 }, 42 "action": &schema.Schema{ 43 Type: schema.TypeString, 44 Required: true, 45 }, 46 "ip_version": &schema.Schema{ 47 Type: schema.TypeInt, 48 Optional: true, 49 Default: 4, 50 }, 51 "source_ip_address": &schema.Schema{ 52 Type: schema.TypeString, 53 Optional: true, 54 }, 55 "destination_ip_address": &schema.Schema{ 56 Type: schema.TypeString, 57 Optional: true, 58 }, 59 "source_port": &schema.Schema{ 60 Type: schema.TypeString, 61 Optional: true, 62 }, 63 "destination_port": &schema.Schema{ 64 Type: schema.TypeString, 65 Optional: true, 66 }, 67 "enabled": &schema.Schema{ 68 Type: schema.TypeBool, 69 Optional: true, 70 Default: true, 71 }, 72 "tenant_id": &schema.Schema{ 73 Type: schema.TypeString, 74 Optional: true, 75 ForceNew: true, 76 }, 77 "value_specs": &schema.Schema{ 78 Type: schema.TypeMap, 79 Optional: true, 80 ForceNew: true, 81 }, 82 }, 83 } 84 } 85 86 func resourceFWRuleV1Create(d *schema.ResourceData, meta interface{}) error { 87 88 config := meta.(*Config) 89 networkingClient, err := config.networkingV2Client(GetRegion(d)) 90 if err != nil { 91 return fmt.Errorf("Error creating OpenStack networking client: %s", err) 92 } 93 94 enabled := d.Get("enabled").(bool) 95 ipVersion := resourceFWRuleV1DetermineIPVersion(d.Get("ip_version").(int)) 96 protocol := resourceFWRuleV1DetermineProtocol(d.Get("protocol").(string)) 97 98 ruleConfiguration := RuleCreateOpts{ 99 rules.CreateOpts{ 100 Name: d.Get("name").(string), 101 Description: d.Get("description").(string), 102 Protocol: protocol, 103 Action: d.Get("action").(string), 104 IPVersion: ipVersion, 105 SourceIPAddress: d.Get("source_ip_address").(string), 106 DestinationIPAddress: d.Get("destination_ip_address").(string), 107 SourcePort: d.Get("source_port").(string), 108 DestinationPort: d.Get("destination_port").(string), 109 Enabled: &enabled, 110 TenantID: d.Get("tenant_id").(string), 111 }, 112 MapValueSpecs(d), 113 } 114 115 log.Printf("[DEBUG] Create firewall rule: %#v", ruleConfiguration) 116 117 rule, err := rules.Create(networkingClient, ruleConfiguration).Extract() 118 119 if err != nil { 120 return err 121 } 122 123 log.Printf("[DEBUG] Firewall rule with id %s : %#v", rule.ID, rule) 124 125 d.SetId(rule.ID) 126 127 return resourceFWRuleV1Read(d, meta) 128 } 129 130 func resourceFWRuleV1Read(d *schema.ResourceData, meta interface{}) error { 131 log.Printf("[DEBUG] Retrieve information about firewall rule: %s", d.Id()) 132 133 config := meta.(*Config) 134 networkingClient, err := config.networkingV2Client(GetRegion(d)) 135 if err != nil { 136 return fmt.Errorf("Error creating OpenStack networking client: %s", err) 137 } 138 139 rule, err := rules.Get(networkingClient, d.Id()).Extract() 140 if err != nil { 141 return CheckDeleted(d, err, "FW rule") 142 } 143 144 log.Printf("[DEBUG] Read OpenStack Firewall Rule %s: %#v", d.Id(), rule) 145 146 d.Set("action", rule.Action) 147 d.Set("name", rule.Name) 148 d.Set("description", rule.Description) 149 d.Set("ip_version", rule.IPVersion) 150 d.Set("source_ip_address", rule.SourceIPAddress) 151 d.Set("destination_ip_address", rule.DestinationIPAddress) 152 d.Set("source_port", rule.SourcePort) 153 d.Set("destination_port", rule.DestinationPort) 154 d.Set("enabled", rule.Enabled) 155 156 if rule.Protocol == "" { 157 d.Set("protocol", "any") 158 } else { 159 d.Set("protocol", rule.Protocol) 160 } 161 162 d.Set("region", GetRegion(d)) 163 164 return nil 165 } 166 167 func resourceFWRuleV1Update(d *schema.ResourceData, meta interface{}) error { 168 config := meta.(*Config) 169 networkingClient, err := config.networkingV2Client(GetRegion(d)) 170 if err != nil { 171 return fmt.Errorf("Error creating OpenStack networking client: %s", err) 172 } 173 174 opts := rules.UpdateOpts{} 175 176 if d.HasChange("name") { 177 v := d.Get("name").(string) 178 opts.Name = &v 179 } 180 181 if d.HasChange("description") { 182 v := d.Get("description").(string) 183 opts.Description = &v 184 } 185 186 if d.HasChange("protocol") { 187 v := d.Get("protocol").(string) 188 opts.Protocol = &v 189 } 190 191 if d.HasChange("action") { 192 v := d.Get("action").(string) 193 opts.Action = &v 194 } 195 196 if d.HasChange("ip_version") { 197 v := d.Get("ip_version").(int) 198 ipVersion := resourceFWRuleV1DetermineIPVersion(v) 199 opts.IPVersion = &ipVersion 200 } 201 202 if d.HasChange("source_ip_address") { 203 v := d.Get("source_ip_address").(string) 204 opts.SourceIPAddress = &v 205 } 206 207 if d.HasChange("destination_ip_address") { 208 v := d.Get("destination_ip_address").(string) 209 opts.DestinationIPAddress = &v 210 } 211 212 if d.HasChange("source_port") { 213 v := d.Get("source_port").(string) 214 opts.SourcePort = &v 215 } 216 217 if d.HasChange("destination_port") { 218 v := d.Get("destination_port").(string) 219 opts.DestinationPort = &v 220 } 221 222 if d.HasChange("enabled") { 223 v := d.Get("enabled").(bool) 224 opts.Enabled = &v 225 } 226 227 log.Printf("[DEBUG] Updating firewall rules: %#v", opts) 228 229 err = rules.Update(networkingClient, d.Id(), opts).Err 230 if err != nil { 231 return err 232 } 233 234 return resourceFWRuleV1Read(d, meta) 235 } 236 237 func resourceFWRuleV1Delete(d *schema.ResourceData, meta interface{}) error { 238 log.Printf("[DEBUG] Destroy firewall rule: %s", d.Id()) 239 240 config := meta.(*Config) 241 networkingClient, err := config.networkingV2Client(GetRegion(d)) 242 if err != nil { 243 return fmt.Errorf("Error creating OpenStack networking client: %s", err) 244 } 245 246 rule, err := rules.Get(networkingClient, d.Id()).Extract() 247 if err != nil { 248 return err 249 } 250 251 if rule.PolicyID != "" { 252 _, err := policies.RemoveRule(networkingClient, rule.PolicyID, rule.ID).Extract() 253 if err != nil { 254 return err 255 } 256 } 257 258 return rules.Delete(networkingClient, d.Id()).Err 259 } 260 261 func resourceFWRuleV1DetermineIPVersion(ipv int) gophercloud.IPVersion { 262 // Determine the IP Version 263 var ipVersion gophercloud.IPVersion 264 switch ipv { 265 case 4: 266 ipVersion = gophercloud.IPv4 267 case 6: 268 ipVersion = gophercloud.IPv6 269 } 270 271 return ipVersion 272 } 273 274 func resourceFWRuleV1DetermineProtocol(p string) rules.Protocol { 275 var protocol rules.Protocol 276 switch p { 277 case "any": 278 protocol = rules.ProtocolAny 279 case "icmp": 280 protocol = rules.ProtocolICMP 281 case "tcp": 282 protocol = rules.ProtocolTCP 283 case "udp": 284 protocol = rules.ProtocolUDP 285 } 286 287 return protocol 288 }