github.com/hobbeswalsh/terraform@v0.3.7-0.20150619183303-ad17cf55a0fa/builtin/providers/azure/resource_azure_security_group_rule.go (about) 1 package azure 2 3 import ( 4 "fmt" 5 "log" 6 7 "github.com/Azure/azure-sdk-for-go/management" 8 netsecgroup "github.com/Azure/azure-sdk-for-go/management/networksecuritygroup" 9 "github.com/hashicorp/terraform/helper/schema" 10 ) 11 12 // resourceAzureSecurityGroupRule returns the *schema.Resource for 13 // a network security group rule on Azure. 14 func resourceAzureSecurityGroupRule() *schema.Resource { 15 return &schema.Resource{ 16 Create: resourceAzureSecurityGroupRuleCreate, 17 Read: resourceAzureSecurityGroupRuleRead, 18 Update: resourceAzureSecurityGroupRuleUpdate, 19 Exists: resourceAzureSecurityGroupRuleExists, 20 Delete: resourceAzureSecurityGroupRuleDelete, 21 22 Schema: map[string]*schema.Schema{ 23 "name": &schema.Schema{ 24 Type: schema.TypeString, 25 Required: true, 26 ForceNew: true, 27 Description: parameterDescriptions["name"], 28 }, 29 "security_group_name": &schema.Schema{ 30 Type: schema.TypeString, 31 Required: true, 32 ForceNew: true, 33 Description: parameterDescriptions["netsecgroup_secgroup_name"], 34 }, 35 "type": &schema.Schema{ 36 Type: schema.TypeString, 37 Required: true, 38 Description: parameterDescriptions["netsecgroup_type"], 39 }, 40 "priority": &schema.Schema{ 41 Type: schema.TypeInt, 42 Required: true, 43 Description: parameterDescriptions["netsecgroup_priority"], 44 }, 45 "action": &schema.Schema{ 46 Type: schema.TypeString, 47 Required: true, 48 Description: parameterDescriptions["netsecgroup_action"], 49 }, 50 "source_address_prefix": &schema.Schema{ 51 Type: schema.TypeString, 52 Required: true, 53 Description: parameterDescriptions["netsecgroup_src_addr_prefix"], 54 }, 55 "source_port_range": &schema.Schema{ 56 Type: schema.TypeString, 57 Required: true, 58 Description: parameterDescriptions["netsecgroup_src_port_range"], 59 }, 60 "destination_address_prefix": &schema.Schema{ 61 Type: schema.TypeString, 62 Required: true, 63 Description: parameterDescriptions["netsecgroup_dest_addr_prefix"], 64 }, 65 "destination_port_range": &schema.Schema{ 66 Type: schema.TypeString, 67 Required: true, 68 Description: parameterDescriptions["netsecgroup_dest_port_range"], 69 }, 70 "protocol": &schema.Schema{ 71 Type: schema.TypeString, 72 Required: true, 73 Description: parameterDescriptions["netsecgroup_protocol"], 74 }, 75 }, 76 } 77 } 78 79 // resourceAzureSecurityGroupRuleCreate does all the necessary API calls to 80 // create a new network security group rule on Azure. 81 func resourceAzureSecurityGroupRuleCreate(d *schema.ResourceData, meta interface{}) error { 82 azureClient := meta.(*Client) 83 mgmtClient := azureClient.mgmtClient 84 secGroupClient := azureClient.secGroupClient 85 86 // create and configure the RuleResponse: 87 name := d.Get("name").(string) 88 rule := netsecgroup.RuleRequest{ 89 Name: name, 90 Type: netsecgroup.RuleType(d.Get("type").(string)), 91 Priority: d.Get("priority").(int), 92 Action: netsecgroup.RuleAction(d.Get("action").(string)), 93 SourceAddressPrefix: d.Get("source_address_prefix").(string), 94 SourcePortRange: d.Get("source_port_range").(string), 95 DestinationAddressPrefix: d.Get("destination_address_prefix").(string), 96 DestinationPortRange: d.Get("destination_port_range").(string), 97 Protocol: netsecgroup.RuleProtocol(d.Get("protocol").(string)), 98 } 99 100 // send the create request to Azure: 101 log.Println("[INFO] Sending network security group rule creation request to Azure.") 102 reqID, err := secGroupClient.SetNetworkSecurityGroupRule( 103 d.Get("security_group_name").(string), 104 rule, 105 ) 106 if err != nil { 107 return fmt.Errorf("Error sending network security group rule creation request to Azure: %s", err) 108 } 109 err = mgmtClient.WaitForOperation(reqID, nil) 110 if err != nil { 111 return fmt.Errorf("Error creating network security group rule on Azure: %s", err) 112 } 113 114 d.SetId(name) 115 return nil 116 } 117 118 // resourceAzureSecurityGroupRuleRead does all the necessary API calls to 119 // read the state of a network security group ruke off Azure. 120 func resourceAzureSecurityGroupRuleRead(d *schema.ResourceData, meta interface{}) error { 121 azureClient := meta.(*Client) 122 secGroupClient := azureClient.secGroupClient 123 124 secGroupName := d.Get("security_group_name").(string) 125 126 // get info on the network security group and check its rules for this one: 127 log.Println("[INFO] Sending network security group rule query to Azure.") 128 secgroup, err := secGroupClient.GetNetworkSecurityGroup(secGroupName) 129 if err != nil { 130 if !management.IsResourceNotFoundError(err) { 131 return fmt.Errorf("Error issuing network security group rules query: %s", err) 132 } else { 133 // it meants that the network security group this rule belonged to has 134 // been deleted; so we must remove this resource from the schema: 135 d.SetId("") 136 return nil 137 } 138 } 139 140 // find our security rule: 141 var found bool 142 name := d.Get("name").(string) 143 for _, rule := range secgroup.Rules { 144 if rule.Name == name { 145 found = true 146 log.Println("[DEBUG] Reading state of Azure network security group rule.") 147 148 d.Set("type", rule.Type) 149 d.Set("priority", rule.Priority) 150 d.Set("action", rule.Action) 151 d.Set("source_address_prefix", rule.SourceAddressPrefix) 152 d.Set("source_port_range", rule.SourcePortRange) 153 d.Set("destination_address_prefix", rule.DestinationAddressPrefix) 154 d.Set("destination_port_range", rule.DestinationPortRange) 155 d.Set("protocol", rule.Protocol) 156 157 break 158 } 159 } 160 161 // check if the rule still exists, and is not, remove the resource: 162 if !found { 163 d.SetId("") 164 } 165 return nil 166 } 167 168 // resourceAzureSecurityGroupRuleUpdate does all the necessary API calls to 169 // update the state of a network security group ruke off Azure. 170 func resourceAzureSecurityGroupRuleUpdate(d *schema.ResourceData, meta interface{}) error { 171 azureClient := meta.(*Client) 172 mgmtClient := azureClient.mgmtClient 173 secGroupClient := azureClient.secGroupClient 174 175 secGroupName := d.Get("security_group_name").(string) 176 177 // get info on the network security group and check its rules for this one: 178 log.Println("[INFO] Sending network security group rule query for update to Azure.") 179 secgroup, err := secGroupClient.GetNetworkSecurityGroup(secGroupName) 180 if err != nil { 181 if !management.IsResourceNotFoundError(err) { 182 return fmt.Errorf("Error issuing network security group rules query: %s", err) 183 } else { 184 // it meants that the network security group this rule belonged to has 185 // been deleted; so we must remove this resource from the schema: 186 d.SetId("") 187 return nil 188 } 189 } 190 191 // try and find our security group rule: 192 var found bool 193 name := d.Get("name").(string) 194 for _, rule := range secgroup.Rules { 195 if rule.Name == name { 196 found = true 197 } 198 } 199 // check is the resource has not been deleted in the meantime: 200 if !found { 201 // if not; remove the resource: 202 d.SetId("") 203 return nil 204 } 205 206 // else, start building up the rule request struct: 207 newRule := netsecgroup.RuleRequest{ 208 Name: d.Get("name").(string), 209 Type: netsecgroup.RuleType(d.Get("type").(string)), 210 Priority: d.Get("priority").(int), 211 Action: netsecgroup.RuleAction(d.Get("action").(string)), 212 SourceAddressPrefix: d.Get("source_address_prefix").(string), 213 SourcePortRange: d.Get("source_port_range").(string), 214 DestinationAddressPrefix: d.Get("destination_address_prefix").(string), 215 DestinationPortRange: d.Get("destination_port_range").(string), 216 Protocol: netsecgroup.RuleProtocol(d.Get("protocol").(string)), 217 } 218 219 // send the create request to Azure: 220 log.Println("[INFO] Sending network security group rule update request to Azure.") 221 reqID, err := secGroupClient.SetNetworkSecurityGroupRule( 222 secGroupName, 223 newRule, 224 ) 225 if err != nil { 226 return fmt.Errorf("Error sending network security group rule update request to Azure: %s", err) 227 } 228 err = mgmtClient.WaitForOperation(reqID, nil) 229 if err != nil { 230 return fmt.Errorf("Error updating network security group rule on Azure: %s", err) 231 } 232 233 return nil 234 } 235 236 // resourceAzureSecurityGroupRuleExists does all the necessary API calls to 237 // check for the existence of the network security group rule on Azure. 238 func resourceAzureSecurityGroupRuleExists(d *schema.ResourceData, meta interface{}) (bool, error) { 239 secGroupClient := meta.(*Client).secGroupClient 240 241 secGroupName := d.Get("security_group_name").(string) 242 243 // get info on the network security group and search for our rule: 244 log.Println("[INFO] Sending network security group rule query for existence check to Azure.") 245 secgroup, err := secGroupClient.GetNetworkSecurityGroup(secGroupName) 246 if err != nil { 247 if !management.IsResourceNotFoundError(err) { 248 return false, fmt.Errorf("Error issuing network security group rules query: %s", err) 249 } else { 250 // it meants that the network security group this rule belonged to has 251 // been deleted; so we must remove this resource from the schema: 252 d.SetId("") 253 return false, nil 254 } 255 } 256 257 // try and find our security group rule: 258 name := d.Get("name").(string) 259 for _, rule := range secgroup.Rules { 260 if rule.Name == name { 261 return true, nil 262 } 263 } 264 265 // if here; it means the resource has been deleted in the 266 // meantime and must be removed from the schema: 267 d.SetId("") 268 269 return false, nil 270 } 271 272 // resourceAzureSecurityGroupRuleDelete does all the necessary API calls to 273 // delete a network security group rule off Azure. 274 func resourceAzureSecurityGroupRuleDelete(d *schema.ResourceData, meta interface{}) error { 275 azureClient := meta.(*Client) 276 mgmtClient := azureClient.mgmtClient 277 secGroupClient := azureClient.secGroupClient 278 279 secGroupName := d.Get("security_group_name").(string) 280 281 // get info on the network security group and search for our rule: 282 log.Println("[INFO] Sending network security group rule query for deletion to Azure.") 283 secgroup, err := secGroupClient.GetNetworkSecurityGroup(secGroupName) 284 if err != nil { 285 if management.IsResourceNotFoundError(err) { 286 // it meants that the network security group this rule belonged to has 287 // been deleted; so we need do nothing more but stop tracking the resource: 288 d.SetId("") 289 return nil 290 } else { 291 return fmt.Errorf("Error issuing network security group rules query: %s", err) 292 } 293 } 294 295 // check is the resource has not been deleted in the meantime: 296 name := d.Get("name").(string) 297 for _, rule := range secgroup.Rules { 298 if rule.Name == name { 299 // if not; we shall issue the delete: 300 reqID, err := secGroupClient.DeleteNetworkSecurityGroupRule(secGroupName, name) 301 if err != nil { 302 return fmt.Errorf("Error sending network security group rule delete request to Azure: %s", err) 303 } 304 err = mgmtClient.WaitForOperation(reqID, nil) 305 if err != nil { 306 return fmt.Errorf("Error deleting network security group rule off Azure: %s", err) 307 } 308 } 309 } 310 311 return nil 312 }