github.com/minamijoyo/terraform@v0.7.8-0.20161029001309-18b3736ba44b/builtin/providers/openstack/resource_openstack_fw_rule_v1.go (about) 1 package openstack 2 3 import ( 4 "fmt" 5 "log" 6 7 "github.com/gophercloud/gophercloud" 8 "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/fwaas/policies" 9 "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/fwaas/rules" 10 "github.com/hashicorp/terraform/helper/schema" 11 ) 12 13 func resourceFWRuleV1() *schema.Resource { 14 return &schema.Resource{ 15 Create: resourceFWRuleV1Create, 16 Read: resourceFWRuleV1Read, 17 Update: resourceFWRuleV1Update, 18 Delete: resourceFWRuleV1Delete, 19 Importer: &schema.ResourceImporter{ 20 State: schema.ImportStatePassthrough, 21 }, 22 23 Schema: map[string]*schema.Schema{ 24 "region": &schema.Schema{ 25 Type: schema.TypeString, 26 Required: true, 27 ForceNew: true, 28 DefaultFunc: schema.EnvDefaultFunc("OS_REGION_NAME", ""), 29 }, 30 "name": &schema.Schema{ 31 Type: schema.TypeString, 32 Optional: true, 33 }, 34 "description": &schema.Schema{ 35 Type: schema.TypeString, 36 Optional: true, 37 }, 38 "protocol": &schema.Schema{ 39 Type: schema.TypeString, 40 Required: true, 41 }, 42 "action": &schema.Schema{ 43 Type: schema.TypeString, 44 Required: true, 45 }, 46 "ip_version": &schema.Schema{ 47 Type: schema.TypeInt, 48 Optional: true, 49 Default: 4, 50 }, 51 "source_ip_address": &schema.Schema{ 52 Type: schema.TypeString, 53 Optional: true, 54 }, 55 "destination_ip_address": &schema.Schema{ 56 Type: schema.TypeString, 57 Optional: true, 58 }, 59 "source_port": &schema.Schema{ 60 Type: schema.TypeString, 61 Optional: true, 62 }, 63 "destination_port": &schema.Schema{ 64 Type: schema.TypeString, 65 Optional: true, 66 }, 67 "enabled": &schema.Schema{ 68 Type: schema.TypeBool, 69 Optional: true, 70 Default: true, 71 }, 72 "tenant_id": &schema.Schema{ 73 Type: schema.TypeString, 74 Optional: true, 75 ForceNew: true, 76 }, 77 }, 78 } 79 } 80 81 func resourceFWRuleV1Create(d *schema.ResourceData, meta interface{}) error { 82 83 config := meta.(*Config) 84 networkingClient, err := config.networkingV2Client(d.Get("region").(string)) 85 if err != nil { 86 return fmt.Errorf("Error creating OpenStack networking client: %s", err) 87 } 88 89 enabled := d.Get("enabled").(bool) 90 ipVersion := resourceFWRuleV1DetermineIPVersion(d.Get("ip_version").(int)) 91 protocol := resourceFWRuleV1DetermineProtocol(d.Get("protocol").(string)) 92 93 ruleConfiguration := rules.CreateOpts{ 94 Name: d.Get("name").(string), 95 Description: d.Get("description").(string), 96 Protocol: protocol, 97 Action: d.Get("action").(string), 98 IPVersion: ipVersion, 99 SourceIPAddress: d.Get("source_ip_address").(string), 100 DestinationIPAddress: d.Get("destination_ip_address").(string), 101 SourcePort: d.Get("source_port").(string), 102 DestinationPort: d.Get("destination_port").(string), 103 Enabled: &enabled, 104 TenantID: d.Get("tenant_id").(string), 105 } 106 107 log.Printf("[DEBUG] Create firewall rule: %#v", ruleConfiguration) 108 109 rule, err := rules.Create(networkingClient, ruleConfiguration).Extract() 110 111 if err != nil { 112 return err 113 } 114 115 log.Printf("[DEBUG] Firewall rule with id %s : %#v", rule.ID, rule) 116 117 d.SetId(rule.ID) 118 119 return resourceFWRuleV1Read(d, meta) 120 } 121 122 func resourceFWRuleV1Read(d *schema.ResourceData, meta interface{}) error { 123 log.Printf("[DEBUG] Retrieve information about firewall rule: %s", d.Id()) 124 125 config := meta.(*Config) 126 networkingClient, err := config.networkingV2Client(d.Get("region").(string)) 127 if err != nil { 128 return fmt.Errorf("Error creating OpenStack networking client: %s", err) 129 } 130 131 rule, err := rules.Get(networkingClient, d.Id()).Extract() 132 if err != nil { 133 return CheckDeleted(d, err, "FW rule") 134 } 135 136 log.Printf("[DEBUG] Read OpenStack Firewall Rule %s: %#v", d.Id(), rule) 137 138 d.Set("action", rule.Action) 139 d.Set("name", rule.Name) 140 d.Set("description", rule.Description) 141 d.Set("ip_version", rule.IPVersion) 142 d.Set("source_ip_address", rule.SourceIPAddress) 143 d.Set("destination_ip_address", rule.DestinationIPAddress) 144 d.Set("source_port", rule.SourcePort) 145 d.Set("destination_port", rule.DestinationPort) 146 d.Set("enabled", rule.Enabled) 147 148 if rule.Protocol == "" { 149 d.Set("protocol", "any") 150 } else { 151 d.Set("protocol", rule.Protocol) 152 } 153 154 return nil 155 } 156 157 func resourceFWRuleV1Update(d *schema.ResourceData, meta interface{}) error { 158 config := meta.(*Config) 159 networkingClient, err := config.networkingV2Client(d.Get("region").(string)) 160 if err != nil { 161 return fmt.Errorf("Error creating OpenStack networking client: %s", err) 162 } 163 164 opts := rules.UpdateOpts{} 165 166 if d.HasChange("name") { 167 v := d.Get("name").(string) 168 opts.Name = &v 169 } 170 171 if d.HasChange("description") { 172 v := d.Get("description").(string) 173 opts.Description = &v 174 } 175 176 if d.HasChange("protocol") { 177 v := d.Get("protocol").(string) 178 opts.Protocol = &v 179 } 180 181 if d.HasChange("action") { 182 v := d.Get("action").(string) 183 opts.Action = &v 184 } 185 186 if d.HasChange("ip_version") { 187 v := d.Get("ip_version").(int) 188 ipVersion := resourceFWRuleV1DetermineIPVersion(v) 189 opts.IPVersion = &ipVersion 190 } 191 192 if d.HasChange("source_ip_address") { 193 v := d.Get("source_ip_address").(string) 194 opts.SourceIPAddress = &v 195 } 196 197 if d.HasChange("destination_ip_address") { 198 v := d.Get("destination_ip_address").(string) 199 opts.DestinationIPAddress = &v 200 } 201 202 if d.HasChange("source_port") { 203 v := d.Get("source_port").(string) 204 opts.SourcePort = &v 205 } 206 207 if d.HasChange("destination_port") { 208 v := d.Get("destination_port").(string) 209 opts.DestinationPort = &v 210 } 211 212 if d.HasChange("enabled") { 213 v := d.Get("enabled").(bool) 214 opts.Enabled = &v 215 } 216 217 log.Printf("[DEBUG] Updating firewall rules: %#v", opts) 218 219 err = rules.Update(networkingClient, d.Id(), opts).Err 220 if err != nil { 221 return err 222 } 223 224 return resourceFWRuleV1Read(d, meta) 225 } 226 227 func resourceFWRuleV1Delete(d *schema.ResourceData, meta interface{}) error { 228 log.Printf("[DEBUG] Destroy firewall rule: %s", d.Id()) 229 230 config := meta.(*Config) 231 networkingClient, err := config.networkingV2Client(d.Get("region").(string)) 232 if err != nil { 233 return fmt.Errorf("Error creating OpenStack networking client: %s", err) 234 } 235 236 rule, err := rules.Get(networkingClient, d.Id()).Extract() 237 if err != nil { 238 return err 239 } 240 241 if rule.PolicyID != "" { 242 _, err := policies.RemoveRule(networkingClient, rule.PolicyID, rule.ID).Extract() 243 if err != nil { 244 return err 245 } 246 } 247 248 return rules.Delete(networkingClient, d.Id()).Err 249 } 250 251 func resourceFWRuleV1DetermineIPVersion(ipv int) gophercloud.IPVersion { 252 // Determine the IP Version 253 var ipVersion gophercloud.IPVersion 254 switch ipv { 255 case 4: 256 ipVersion = gophercloud.IPv4 257 case 6: 258 ipVersion = gophercloud.IPv6 259 } 260 261 return ipVersion 262 } 263 264 func resourceFWRuleV1DetermineProtocol(p string) rules.Protocol { 265 var protocol rules.Protocol 266 switch p { 267 case "any": 268 protocol = rules.ProtocolAny 269 case "icmp": 270 protocol = rules.ProtocolICMP 271 case "tcp": 272 protocol = rules.ProtocolTCP 273 case "udp": 274 protocol = rules.ProtocolUDP 275 } 276 277 return protocol 278 }