github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/scaleway/resource_scaleway_security_group_rule.go (about) 1 package scaleway 2 3 import ( 4 "fmt" 5 "log" 6 7 "github.com/hashicorp/terraform/helper/schema" 8 "github.com/scaleway/scaleway-cli/pkg/api" 9 ) 10 11 func resourceScalewaySecurityGroupRule() *schema.Resource { 12 return &schema.Resource{ 13 Create: resourceScalewaySecurityGroupRuleCreate, 14 Read: resourceScalewaySecurityGroupRuleRead, 15 Update: resourceScalewaySecurityGroupRuleUpdate, 16 Delete: resourceScalewaySecurityGroupRuleDelete, 17 Schema: map[string]*schema.Schema{ 18 "security_group": { 19 Type: schema.TypeString, 20 Required: true, 21 }, 22 "action": { 23 Type: schema.TypeString, 24 Required: true, 25 ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) { 26 value := v.(string) 27 if value != "accept" && value != "drop" { 28 errors = append(errors, fmt.Errorf("%q must be one of 'accept', 'drop'", k)) 29 } 30 return 31 }, 32 }, 33 "direction": { 34 Type: schema.TypeString, 35 Required: true, 36 ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) { 37 value := v.(string) 38 if value != "inbound" && value != "outbound" { 39 errors = append(errors, fmt.Errorf("%q must be one of 'inbound', 'outbound'", k)) 40 } 41 return 42 }, 43 }, 44 "ip_range": { 45 Type: schema.TypeString, 46 Required: true, 47 }, 48 "protocol": { 49 Type: schema.TypeString, 50 Required: true, 51 ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) { 52 value := v.(string) 53 if value != "ICMP" && value != "TCP" && value != "UDP" { 54 errors = append(errors, fmt.Errorf("%q must be one of 'ICMP', 'TCP', 'UDP", k)) 55 } 56 return 57 }, 58 }, 59 "port": { 60 Type: schema.TypeInt, 61 Optional: true, 62 }, 63 }, 64 } 65 } 66 67 func resourceScalewaySecurityGroupRuleCreate(d *schema.ResourceData, m interface{}) error { 68 scaleway := m.(*Client).scaleway 69 70 mu.Lock() 71 defer mu.Unlock() 72 73 req := api.ScalewayNewSecurityGroupRule{ 74 Action: d.Get("action").(string), 75 Direction: d.Get("direction").(string), 76 IPRange: d.Get("ip_range").(string), 77 Protocol: d.Get("protocol").(string), 78 DestPortFrom: d.Get("port").(int), 79 } 80 81 err := scaleway.PostSecurityGroupRule(d.Get("security_group").(string), req) 82 if err != nil { 83 if serr, ok := err.(api.ScalewayAPIError); ok { 84 log.Printf("[DEBUG] Error creating Security Group Rule: %q\n", serr.APIMessage) 85 } 86 87 return err 88 } 89 90 resp, err := scaleway.GetSecurityGroupRules(d.Get("security_group").(string)) 91 if err != nil { 92 return err 93 } 94 95 matches := func(rule api.ScalewaySecurityGroupRule) bool { 96 return rule.Action == req.Action && 97 rule.Direction == req.Direction && 98 rule.IPRange == req.IPRange && 99 rule.Protocol == req.Protocol && 100 rule.DestPortFrom == req.DestPortFrom 101 } 102 103 for _, rule := range resp.Rules { 104 if matches(rule) { 105 d.SetId(rule.ID) 106 break 107 } 108 } 109 110 if d.Id() == "" { 111 return fmt.Errorf("Failed to find created security group rule") 112 } 113 114 return resourceScalewaySecurityGroupRuleRead(d, m) 115 } 116 117 func resourceScalewaySecurityGroupRuleRead(d *schema.ResourceData, m interface{}) error { 118 scaleway := m.(*Client).scaleway 119 rule, err := scaleway.GetASecurityGroupRule(d.Get("security_group").(string), d.Id()) 120 121 if err != nil { 122 if serr, ok := err.(api.ScalewayAPIError); ok { 123 log.Printf("[DEBUG] error reading Security Group Rule: %q\n", serr.APIMessage) 124 125 if serr.StatusCode == 404 { 126 d.SetId("") 127 return nil 128 } 129 } 130 131 return err 132 } 133 134 d.Set("action", rule.Rules.Action) 135 d.Set("direction", rule.Rules.Direction) 136 d.Set("ip_range", rule.Rules.IPRange) 137 d.Set("protocol", rule.Rules.Protocol) 138 d.Set("port", rule.Rules.DestPortFrom) 139 140 return nil 141 } 142 143 func resourceScalewaySecurityGroupRuleUpdate(d *schema.ResourceData, m interface{}) error { 144 scaleway := m.(*Client).scaleway 145 146 mu.Lock() 147 defer mu.Unlock() 148 149 var req = api.ScalewayNewSecurityGroupRule{ 150 Action: d.Get("action").(string), 151 Direction: d.Get("direction").(string), 152 IPRange: d.Get("ip_range").(string), 153 Protocol: d.Get("protocol").(string), 154 DestPortFrom: d.Get("port").(int), 155 } 156 157 if err := scaleway.PutSecurityGroupRule(req, d.Get("security_group").(string), d.Id()); err != nil { 158 log.Printf("[DEBUG] error updating Security Group Rule: %q", err) 159 160 return err 161 } 162 163 return resourceScalewaySecurityGroupRuleRead(d, m) 164 } 165 166 func resourceScalewaySecurityGroupRuleDelete(d *schema.ResourceData, m interface{}) error { 167 scaleway := m.(*Client).scaleway 168 169 mu.Lock() 170 defer mu.Unlock() 171 172 err := scaleway.DeleteSecurityGroupRule(d.Get("security_group").(string), d.Id()) 173 if err != nil { 174 if serr, ok := err.(api.ScalewayAPIError); ok { 175 log.Printf("[DEBUG] error reading Security Group Rule: %q\n", serr.APIMessage) 176 177 if serr.StatusCode == 404 { 178 d.SetId("") 179 return nil 180 } 181 } 182 183 return err 184 } 185 186 d.SetId("") 187 return nil 188 }