github.com/mehmetalisavas/terraform@v0.7.10/builtin/providers/openstack/resource_openstack_fw_rule_v1.go (about) 1 package openstack 2 3 import ( 4 "fmt" 5 "log" 6 7 "github.com/gophercloud/gophercloud" 8 "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/fwaas/policies" 9 "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/fwaas/rules" 10 "github.com/hashicorp/terraform/helper/schema" 11 ) 12 13 func resourceFWRuleV1() *schema.Resource { 14 return &schema.Resource{ 15 Create: resourceFWRuleV1Create, 16 Read: resourceFWRuleV1Read, 17 Update: resourceFWRuleV1Update, 18 Delete: resourceFWRuleV1Delete, 19 Importer: &schema.ResourceImporter{ 20 State: schema.ImportStatePassthrough, 21 }, 22 23 Schema: map[string]*schema.Schema{ 24 "region": &schema.Schema{ 25 Type: schema.TypeString, 26 Required: true, 27 ForceNew: true, 28 DefaultFunc: schema.EnvDefaultFunc("OS_REGION_NAME", ""), 29 }, 30 "name": &schema.Schema{ 31 Type: schema.TypeString, 32 Optional: true, 33 }, 34 "description": &schema.Schema{ 35 Type: schema.TypeString, 36 Optional: true, 37 }, 38 "protocol": &schema.Schema{ 39 Type: schema.TypeString, 40 Required: true, 41 }, 42 "action": &schema.Schema{ 43 Type: schema.TypeString, 44 Required: true, 45 }, 46 "ip_version": &schema.Schema{ 47 Type: schema.TypeInt, 48 Optional: true, 49 Default: 4, 50 }, 51 "source_ip_address": &schema.Schema{ 52 Type: schema.TypeString, 53 Optional: true, 54 }, 55 "destination_ip_address": &schema.Schema{ 56 Type: schema.TypeString, 57 Optional: true, 58 }, 59 "source_port": &schema.Schema{ 60 Type: schema.TypeString, 61 Optional: true, 62 }, 63 "destination_port": &schema.Schema{ 64 Type: schema.TypeString, 65 Optional: true, 66 }, 67 "enabled": &schema.Schema{ 68 Type: schema.TypeBool, 69 Optional: true, 70 Default: true, 71 }, 72 "tenant_id": &schema.Schema{ 73 Type: schema.TypeString, 74 Optional: true, 75 ForceNew: true, 76 }, 77 "value_specs": &schema.Schema{ 78 Type: schema.TypeMap, 79 Optional: true, 80 ForceNew: true, 81 }, 82 }, 83 } 84 } 85 86 func resourceFWRuleV1Create(d *schema.ResourceData, meta interface{}) error { 87 88 config := meta.(*Config) 89 networkingClient, err := config.networkingV2Client(d.Get("region").(string)) 90 if err != nil { 91 return fmt.Errorf("Error creating OpenStack networking client: %s", err) 92 } 93 94 enabled := d.Get("enabled").(bool) 95 ipVersion := resourceFWRuleV1DetermineIPVersion(d.Get("ip_version").(int)) 96 protocol := resourceFWRuleV1DetermineProtocol(d.Get("protocol").(string)) 97 98 ruleConfiguration := RuleCreateOpts{ 99 rules.CreateOpts{ 100 Name: d.Get("name").(string), 101 Description: d.Get("description").(string), 102 Protocol: protocol, 103 Action: d.Get("action").(string), 104 IPVersion: ipVersion, 105 SourceIPAddress: d.Get("source_ip_address").(string), 106 DestinationIPAddress: d.Get("destination_ip_address").(string), 107 SourcePort: d.Get("source_port").(string), 108 DestinationPort: d.Get("destination_port").(string), 109 Enabled: &enabled, 110 TenantID: d.Get("tenant_id").(string), 111 }, 112 MapValueSpecs(d), 113 } 114 115 log.Printf("[DEBUG] Create firewall rule: %#v", ruleConfiguration) 116 117 rule, err := rules.Create(networkingClient, ruleConfiguration).Extract() 118 119 if err != nil { 120 return err 121 } 122 123 log.Printf("[DEBUG] Firewall rule with id %s : %#v", rule.ID, rule) 124 125 d.SetId(rule.ID) 126 127 return resourceFWRuleV1Read(d, meta) 128 } 129 130 func resourceFWRuleV1Read(d *schema.ResourceData, meta interface{}) error { 131 log.Printf("[DEBUG] Retrieve information about firewall rule: %s", d.Id()) 132 133 config := meta.(*Config) 134 networkingClient, err := config.networkingV2Client(d.Get("region").(string)) 135 if err != nil { 136 return fmt.Errorf("Error creating OpenStack networking client: %s", err) 137 } 138 139 rule, err := rules.Get(networkingClient, d.Id()).Extract() 140 if err != nil { 141 return CheckDeleted(d, err, "FW rule") 142 } 143 144 log.Printf("[DEBUG] Read OpenStack Firewall Rule %s: %#v", d.Id(), rule) 145 146 d.Set("action", rule.Action) 147 d.Set("name", rule.Name) 148 d.Set("description", rule.Description) 149 d.Set("ip_version", rule.IPVersion) 150 d.Set("source_ip_address", rule.SourceIPAddress) 151 d.Set("destination_ip_address", rule.DestinationIPAddress) 152 d.Set("source_port", rule.SourcePort) 153 d.Set("destination_port", rule.DestinationPort) 154 d.Set("enabled", rule.Enabled) 155 156 if rule.Protocol == "" { 157 d.Set("protocol", "any") 158 } else { 159 d.Set("protocol", rule.Protocol) 160 } 161 162 return nil 163 } 164 165 func resourceFWRuleV1Update(d *schema.ResourceData, meta interface{}) error { 166 config := meta.(*Config) 167 networkingClient, err := config.networkingV2Client(d.Get("region").(string)) 168 if err != nil { 169 return fmt.Errorf("Error creating OpenStack networking client: %s", err) 170 } 171 172 opts := rules.UpdateOpts{} 173 174 if d.HasChange("name") { 175 v := d.Get("name").(string) 176 opts.Name = &v 177 } 178 179 if d.HasChange("description") { 180 v := d.Get("description").(string) 181 opts.Description = &v 182 } 183 184 if d.HasChange("protocol") { 185 v := d.Get("protocol").(string) 186 opts.Protocol = &v 187 } 188 189 if d.HasChange("action") { 190 v := d.Get("action").(string) 191 opts.Action = &v 192 } 193 194 if d.HasChange("ip_version") { 195 v := d.Get("ip_version").(int) 196 ipVersion := resourceFWRuleV1DetermineIPVersion(v) 197 opts.IPVersion = &ipVersion 198 } 199 200 if d.HasChange("source_ip_address") { 201 v := d.Get("source_ip_address").(string) 202 opts.SourceIPAddress = &v 203 } 204 205 if d.HasChange("destination_ip_address") { 206 v := d.Get("destination_ip_address").(string) 207 opts.DestinationIPAddress = &v 208 } 209 210 if d.HasChange("source_port") { 211 v := d.Get("source_port").(string) 212 opts.SourcePort = &v 213 } 214 215 if d.HasChange("destination_port") { 216 v := d.Get("destination_port").(string) 217 opts.DestinationPort = &v 218 } 219 220 if d.HasChange("enabled") { 221 v := d.Get("enabled").(bool) 222 opts.Enabled = &v 223 } 224 225 log.Printf("[DEBUG] Updating firewall rules: %#v", opts) 226 227 err = rules.Update(networkingClient, d.Id(), opts).Err 228 if err != nil { 229 return err 230 } 231 232 return resourceFWRuleV1Read(d, meta) 233 } 234 235 func resourceFWRuleV1Delete(d *schema.ResourceData, meta interface{}) error { 236 log.Printf("[DEBUG] Destroy firewall rule: %s", d.Id()) 237 238 config := meta.(*Config) 239 networkingClient, err := config.networkingV2Client(d.Get("region").(string)) 240 if err != nil { 241 return fmt.Errorf("Error creating OpenStack networking client: %s", err) 242 } 243 244 rule, err := rules.Get(networkingClient, d.Id()).Extract() 245 if err != nil { 246 return err 247 } 248 249 if rule.PolicyID != "" { 250 _, err := policies.RemoveRule(networkingClient, rule.PolicyID, rule.ID).Extract() 251 if err != nil { 252 return err 253 } 254 } 255 256 return rules.Delete(networkingClient, d.Id()).Err 257 } 258 259 func resourceFWRuleV1DetermineIPVersion(ipv int) gophercloud.IPVersion { 260 // Determine the IP Version 261 var ipVersion gophercloud.IPVersion 262 switch ipv { 263 case 4: 264 ipVersion = gophercloud.IPv4 265 case 6: 266 ipVersion = gophercloud.IPv6 267 } 268 269 return ipVersion 270 } 271 272 func resourceFWRuleV1DetermineProtocol(p string) rules.Protocol { 273 var protocol rules.Protocol 274 switch p { 275 case "any": 276 protocol = rules.ProtocolAny 277 case "icmp": 278 protocol = rules.ProtocolICMP 279 case "tcp": 280 protocol = rules.ProtocolTCP 281 case "udp": 282 protocol = rules.ProtocolUDP 283 } 284 285 return protocol 286 }