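// Source: github.com/danrjohnson/terraform@v0.7.0-rc2.0.20160627135212-d0fc1fa086ff/builtin/providers/openstack/resource_openstack_fw_policy_v1.go

package openstack

import (
	"fmt"
	"log"
	"time"

	"github.com/hashicorp/terraform/helper/schema"
	"github.com/rackspace/gophercloud"
	"github.com/rackspace/gophercloud/openstack/networking/v2/extensions/fwaas/policies"
)

// resourceFWPolicyV1 returns the Terraform resource definition for an
// OpenStack firewall policy: the CRUD callbacks and the attribute schema.
func resourceFWPolicyV1() *schema.Resource {
	return &schema.Resource{
		Create: resourceFWPolicyV1Create,
		Read:   resourceFWPolicyV1Read,
		Update: resourceFWPolicyV1Update,
		Delete: resourceFWPolicyV1Delete,

		Schema: map[string]*schema.Schema{
			// Region falls back to the OS_REGION_NAME environment variable;
			// changing it forces a new resource.
			"region": &schema.Schema{
				Type:        schema.TypeString,
				Required:    true,
				ForceNew:    true,
				DefaultFunc: schema.EnvDefaultFunc("OS_REGION_NAME", ""),
			},
			"name": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
			},
			"description": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
			},
			"audited": &schema.Schema{
				Type:     schema.TypeBool,
				Optional: true,
				Default:  false,
			},
			// NOTE(review): "shared" presumably controls visibility of the
			// policy to other tenants; confirm against the FWaaS API. It
			// defaults to false here.
			"shared": &schema.Schema{
				Type:     schema.TypeBool,
				Optional: true,
				Default:  false,
			},
			// Computed: when not configured, the value is filled in from the
			// policy read back from the API.
			"tenant_id": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
				ForceNew: true,
				Computed: true,
			},
			"rules": &schema.Schema{
				Type:     schema.TypeList,
				Optional: true,
				Elem:     &schema.Schema{Type: schema.TypeString},
			},
		},
	}
}

// expandFWPolicyV1Rules converts the "rules" list held in the resource data
// into the []string that the policies request options take. Create and Update
// share it so both send the rule list in the same form.
func expandFWPolicyV1Rules(d *schema.ResourceData) []string {
	raw := d.Get("rules").([]interface{})

	log.Printf("[DEBUG] Rules found : %#v", raw)
	log.Printf("[DEBUG] Rules count : %d", len(raw))

	rules := make([]string, len(raw))
	for i, r := range raw {
		rules[i] = r.(string)
	}
	return rules
}

// resourceFWPolicyV1Create creates the firewall policy from the configured
// attributes, records the ID returned by the API, and then refreshes state
// through resourceFWPolicyV1Read.
func resourceFWPolicyV1Create(d *schema.ResourceData, meta interface{}) error {
	config := meta.(*Config)
	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
	if err != nil {
		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
	}

	// CreateOpts takes *bool for these two, so they need addressable locals.
	audited := d.Get("audited").(bool)
	shared := d.Get("shared").(bool)

	opts := policies.CreateOpts{
		Name:        d.Get("name").(string),
		Description: d.Get("description").(string),
		Audited:     &audited,
		Shared:      &shared,
		TenantID:    d.Get("tenant_id").(string),
		Rules:       expandFWPolicyV1Rules(d),
	}

	log.Printf("[DEBUG] Create firewall policy: %#v", opts)

	policy, err := policies.Create(networkingClient, opts).Extract()
	if err != nil {
		return err
	}

	log.Printf("[DEBUG] Firewall policy created: %#v", policy)

	d.SetId(policy.ID)

	return resourceFWPolicyV1Read(d, meta)
}

// resourceFWPolicyV1Read fetches the policy by ID and copies its attributes
// into state. A failed lookup is handed to CheckDeleted.
func resourceFWPolicyV1Read(d *schema.ResourceData, meta interface{}) error {
	log.Printf("[DEBUG] Retrieve information about firewall policy: %s", d.Id())

	config := meta.(*Config)
	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
	if err != nil {
		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
	}

	policy, err := policies.Get(networkingClient, d.Id()).Extract()
	if err != nil {
		// NOTE(review): CheckDeleted is defined elsewhere in the package;
		// presumably it drops the resource from state on a not-found
		// response. Confirm there.
		return CheckDeleted(d, err, "FW policy")
	}

	d.Set("name", policy.Name)
	d.Set("description", policy.Description)
	d.Set("shared", policy.Shared)
	d.Set("audited", policy.Audited)
	d.Set("tenant_id", policy.TenantID)
	// Refresh the rule list as well. Without this, rules added to or removed
	// from the policy outside Terraform never show up as drift, and the
	// state keeps describing a firewall policy that is no longer in force.
	d.Set("rules", policy.Rules)
	return nil
}

// resourceFWPolicyV1Update sends the changed name, description and rules to
// the API and then refreshes state through resourceFWPolicyV1Read.
//
// NOTE(review): "audited" and "shared" are not ForceNew in the schema, yet a
// change to either is never copied into opts here, so the change is not sent
// to the API. Either mark them ForceNew or send them on update; confirm
// whether policies.UpdateOpts can carry them.
func resourceFWPolicyV1Update(d *schema.ResourceData, meta interface{}) error {
	config := meta.(*Config)
	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
	if err != nil {
		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
	}

	opts := policies.UpdateOpts{}

	if d.HasChange("name") {
		opts.Name = d.Get("name").(string)
	}

	if d.HasChange("description") {
		opts.Description = d.Get("description").(string)
	}

	if d.HasChange("rules") {
		opts.Rules = expandFWPolicyV1Rules(d)
	}

	log.Printf("[DEBUG] Updating firewall policy with id %s: %#v", d.Id(), opts)

	if err := policies.Update(networkingClient, d.Id(), opts).Err; err != nil {
		return err
	}

	return resourceFWPolicyV1Read(d, meta)
}

// resourceFWPolicyV1Delete deletes the policy, retrying while the API answers
// with HTTP 409. Any other error is returned immediately; if every attempt
// ends in 409, the last error is returned.
func resourceFWPolicyV1Delete(d *schema.ResourceData, meta interface{}) error {
	log.Printf("[DEBUG] Destroy firewall policy: %s", d.Id())

	config := meta.(*Config)
	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
	if err != nil {
		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
	}

	const (
		maxAttempts  = 15
		retryDelay   = 2 * time.Second
		httpConflict = 409
	)

	for attempt := 0; attempt < maxAttempts; attempt++ {
		err = policies.Delete(networkingClient, d.Id()).Err
		if err == nil {
			break
		}

		httpError, ok := err.(*gophercloud.UnexpectedResponseCodeError)
		if !ok || httpError.Actual != httpConflict {
			return err
		}

		// This error usually means that the policy is attached
		// to a firewall. At this point, the firewall is probably
		// being deleted. So, we retry a few times.
		time.Sleep(retryDelay)
	}

	return err
}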