github.com/minamijoyo/terraform@v0.7.8-0.20161029001309-18b3736ba44b/builtin/providers/azurerm/resource_arm_network_security_rule.go (about)

     1  package azurerm
     2  
     3  import (
     4  	"fmt"
     5  	"net/http"
     6  
     7  	"github.com/Azure/azure-sdk-for-go/arm/network"
     8  	"github.com/hashicorp/terraform/helper/schema"
     9  )
    10  
    11  func resourceArmNetworkSecurityRule() *schema.Resource {
    12  	return &schema.Resource{
    13  		Create: resourceArmNetworkSecurityRuleCreate,
    14  		Read:   resourceArmNetworkSecurityRuleRead,
    15  		Update: resourceArmNetworkSecurityRuleCreate,
    16  		Delete: resourceArmNetworkSecurityRuleDelete,
    17  		Importer: &schema.ResourceImporter{
    18  			State: schema.ImportStatePassthrough,
    19  		},
    20  
    21  		Schema: map[string]*schema.Schema{
    22  			"name": {
    23  				Type:     schema.TypeString,
    24  				Required: true,
    25  				ForceNew: true,
    26  			},
    27  
    28  			"resource_group_name": {
    29  				Type:     schema.TypeString,
    30  				Required: true,
    31  				ForceNew: true,
    32  			},
    33  
    34  			"network_security_group_name": {
    35  				Type:     schema.TypeString,
    36  				Required: true,
    37  			},
    38  
    39  			"description": {
    40  				Type:     schema.TypeString,
    41  				Optional: true,
    42  				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
    43  					value := v.(string)
    44  					if len(value) > 140 {
    45  						errors = append(errors, fmt.Errorf(
    46  							"The network security rule description can be no longer than 140 chars"))
    47  					}
    48  					return
    49  				},
    50  			},
    51  
    52  			"protocol": {
    53  				Type:         schema.TypeString,
    54  				Required:     true,
    55  				ValidateFunc: validateNetworkSecurityRuleProtocol,
    56  			},
    57  
    58  			"source_port_range": {
    59  				Type:     schema.TypeString,
    60  				Required: true,
    61  			},
    62  
    63  			"destination_port_range": {
    64  				Type:     schema.TypeString,
    65  				Required: true,
    66  			},
    67  
    68  			"source_address_prefix": {
    69  				Type:     schema.TypeString,
    70  				Required: true,
    71  			},
    72  
    73  			"destination_address_prefix": {
    74  				Type:     schema.TypeString,
    75  				Required: true,
    76  			},
    77  
    78  			"access": {
    79  				Type:         schema.TypeString,
    80  				Required:     true,
    81  				ValidateFunc: validateNetworkSecurityRuleAccess,
    82  			},
    83  
    84  			"priority": {
    85  				Type:     schema.TypeInt,
    86  				Required: true,
    87  				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
    88  					value := v.(int)
    89  					if value < 100 || value > 4096 {
    90  						errors = append(errors, fmt.Errorf(
    91  							"The `priority` can only be between 100 and 4096"))
    92  					}
    93  					return
    94  				},
    95  			},
    96  
    97  			"direction": {
    98  				Type:         schema.TypeString,
    99  				Required:     true,
   100  				ValidateFunc: validateNetworkSecurityRuleDirection,
   101  			},
   102  		},
   103  	}
   104  }
   105  
   106  func resourceArmNetworkSecurityRuleCreate(d *schema.ResourceData, meta interface{}) error {
   107  	client := meta.(*ArmClient)
   108  	secClient := client.secRuleClient
   109  
   110  	name := d.Get("name").(string)
   111  	nsgName := d.Get("network_security_group_name").(string)
   112  	resGroup := d.Get("resource_group_name").(string)
   113  
   114  	source_port_range := d.Get("source_port_range").(string)
   115  	destination_port_range := d.Get("destination_port_range").(string)
   116  	source_address_prefix := d.Get("source_address_prefix").(string)
   117  	destination_address_prefix := d.Get("destination_address_prefix").(string)
   118  	priority := int32(d.Get("priority").(int))
   119  	access := d.Get("access").(string)
   120  	direction := d.Get("direction").(string)
   121  	protocol := d.Get("protocol").(string)
   122  
   123  	armMutexKV.Lock(nsgName)
   124  	defer armMutexKV.Unlock(nsgName)
   125  
   126  	properties := network.SecurityRulePropertiesFormat{
   127  		SourcePortRange:          &source_port_range,
   128  		DestinationPortRange:     &destination_port_range,
   129  		SourceAddressPrefix:      &source_address_prefix,
   130  		DestinationAddressPrefix: &destination_address_prefix,
   131  		Priority:                 &priority,
   132  		Access:                   network.SecurityRuleAccess(access),
   133  		Direction:                network.SecurityRuleDirection(direction),
   134  		Protocol:                 network.SecurityRuleProtocol(protocol),
   135  	}
   136  
   137  	if v, ok := d.GetOk("description"); ok {
   138  		description := v.(string)
   139  		properties.Description = &description
   140  	}
   141  
   142  	sgr := network.SecurityRule{
   143  		Name:       &name,
   144  		Properties: &properties,
   145  	}
   146  
   147  	_, err := secClient.CreateOrUpdate(resGroup, nsgName, name, sgr, make(chan struct{}))
   148  	if err != nil {
   149  		return err
   150  	}
   151  
   152  	read, err := secClient.Get(resGroup, nsgName, name)
   153  	if err != nil {
   154  		return err
   155  	}
   156  	if read.ID == nil {
   157  		return fmt.Errorf("Cannot read Security Group Rule %s/%s (resource group %s) ID",
   158  			nsgName, name, resGroup)
   159  	}
   160  
   161  	d.SetId(*read.ID)
   162  
   163  	return resourceArmNetworkSecurityRuleRead(d, meta)
   164  }
   165  
   166  func resourceArmNetworkSecurityRuleRead(d *schema.ResourceData, meta interface{}) error {
   167  	secRuleClient := meta.(*ArmClient).secRuleClient
   168  
   169  	id, err := parseAzureResourceID(d.Id())
   170  	if err != nil {
   171  		return err
   172  	}
   173  	resGroup := id.ResourceGroup
   174  	networkSGName := id.Path["networkSecurityGroups"]
   175  	sgRuleName := id.Path["securityRules"]
   176  
   177  	resp, err := secRuleClient.Get(resGroup, networkSGName, sgRuleName)
   178  	if err != nil {
   179  		if resp.StatusCode == http.StatusNotFound {
   180  			d.SetId("")
   181  			return nil
   182  		}
   183  		return fmt.Errorf("Error making Read request on Azure Network Security Rule %s: %s", sgRuleName, err)
   184  	}
   185  
   186  	d.Set("resource_group_name", resGroup)
   187  	d.Set("access", resp.Properties.Access)
   188  	d.Set("destination_address_prefix", resp.Properties.DestinationAddressPrefix)
   189  	d.Set("destination_port_range", resp.Properties.DestinationPortRange)
   190  	d.Set("direction", resp.Properties.Direction)
   191  	d.Set("description", resp.Properties.Description)
   192  	d.Set("name", resp.Name)
   193  	d.Set("priority", resp.Properties.Priority)
   194  	d.Set("protocol", resp.Properties.Protocol)
   195  	d.Set("source_address_prefix", resp.Properties.SourceAddressPrefix)
   196  	d.Set("source_port_range", resp.Properties.SourcePortRange)
   197  
   198  	return nil
   199  }
   200  
   201  func resourceArmNetworkSecurityRuleDelete(d *schema.ResourceData, meta interface{}) error {
   202  	client := meta.(*ArmClient)
   203  	secRuleClient := client.secRuleClient
   204  
   205  	id, err := parseAzureResourceID(d.Id())
   206  	if err != nil {
   207  		return err
   208  	}
   209  	resGroup := id.ResourceGroup
   210  	nsgName := id.Path["networkSecurityGroups"]
   211  	sgRuleName := id.Path["securityRules"]
   212  
   213  	armMutexKV.Lock(nsgName)
   214  	defer armMutexKV.Unlock(nsgName)
   215  
   216  	_, err = secRuleClient.Delete(resGroup, nsgName, sgRuleName, make(chan struct{}))
   217  
   218  	return err
   219  }