github.com/pmcatominey/terraform@v0.7.0-rc2.0.20160708105029-1401a52a5cc5/builtin/providers/openstack/resource_openstack_fw_policy_v1.go (about) 1 package openstack 2 3 import ( 4 "fmt" 5 "log" 6 "time" 7 8 "github.com/hashicorp/terraform/helper/schema" 9 "github.com/rackspace/gophercloud" 10 "github.com/rackspace/gophercloud/openstack/networking/v2/extensions/fwaas/policies" 11 ) 12 13 func resourceFWPolicyV1() *schema.Resource { 14 return &schema.Resource{ 15 Create: resourceFWPolicyV1Create, 16 Read: resourceFWPolicyV1Read, 17 Update: resourceFWPolicyV1Update, 18 Delete: resourceFWPolicyV1Delete, 19 Importer: &schema.ResourceImporter{ 20 State: schema.ImportStatePassthrough, 21 }, 22 23 Schema: map[string]*schema.Schema{ 24 "region": &schema.Schema{ 25 Type: schema.TypeString, 26 Required: true, 27 ForceNew: true, 28 DefaultFunc: schema.EnvDefaultFunc("OS_REGION_NAME", ""), 29 }, 30 "name": &schema.Schema{ 31 Type: schema.TypeString, 32 Optional: true, 33 }, 34 "description": &schema.Schema{ 35 Type: schema.TypeString, 36 Optional: true, 37 }, 38 "audited": &schema.Schema{ 39 Type: schema.TypeBool, 40 Optional: true, 41 Default: false, 42 }, 43 "shared": &schema.Schema{ 44 Type: schema.TypeBool, 45 Optional: true, 46 Default: false, 47 }, 48 "tenant_id": &schema.Schema{ 49 Type: schema.TypeString, 50 Optional: true, 51 ForceNew: true, 52 Computed: true, 53 }, 54 "rules": &schema.Schema{ 55 Type: schema.TypeList, 56 Optional: true, 57 Elem: &schema.Schema{Type: schema.TypeString}, 58 }, 59 }, 60 } 61 } 62 63 func resourceFWPolicyV1Create(d *schema.ResourceData, meta interface{}) error { 64 65 config := meta.(*Config) 66 networkingClient, err := config.networkingV2Client(d.Get("region").(string)) 67 if err != nil { 68 return fmt.Errorf("Error creating OpenStack networking client: %s", err) 69 } 70 71 v := d.Get("rules").([]interface{}) 72 73 log.Printf("[DEBUG] Rules found : %#v", v) 74 log.Printf("[DEBUG] Rules count : %d", len(v)) 75 76 rules := make([]string, len(v)) 77 for i, v := range v { 78 rules[i] = v.(string) 79 } 80 81 audited := d.Get("audited").(bool) 82 shared := d.Get("shared").(bool) 83 84 opts := policies.CreateOpts{ 85 Name: d.Get("name").(string), 86 Description: d.Get("description").(string), 87 Audited: &audited, 88 Shared: &shared, 89 TenantID: d.Get("tenant_id").(string), 90 Rules: rules, 91 } 92 93 log.Printf("[DEBUG] Create firewall policy: %#v", opts) 94 95 policy, err := policies.Create(networkingClient, opts).Extract() 96 if err != nil { 97 return err 98 } 99 100 log.Printf("[DEBUG] Firewall policy created: %#v", policy) 101 102 d.SetId(policy.ID) 103 104 return resourceFWPolicyV1Read(d, meta) 105 } 106 107 func resourceFWPolicyV1Read(d *schema.ResourceData, meta interface{}) error { 108 log.Printf("[DEBUG] Retrieve information about firewall policy: %s", d.Id()) 109 110 config := meta.(*Config) 111 networkingClient, err := config.networkingV2Client(d.Get("region").(string)) 112 if err != nil { 113 return fmt.Errorf("Error creating OpenStack networking client: %s", err) 114 } 115 116 policy, err := policies.Get(networkingClient, d.Id()).Extract() 117 if err != nil { 118 return CheckDeleted(d, err, "FW policy") 119 } 120 121 log.Printf("[DEBUG] Read OpenStack Firewall Policy %s: %#v", d.Id(), policy) 122 123 d.Set("name", policy.Name) 124 d.Set("description", policy.Description) 125 d.Set("shared", policy.Shared) 126 d.Set("audited", policy.Audited) 127 d.Set("tenant_id", policy.TenantID) 128 d.Set("rules", policy.Rules) 129 return nil 130 } 131 132 func resourceFWPolicyV1Update(d *schema.ResourceData, meta interface{}) error { 133 134 config := meta.(*Config) 135 networkingClient, err := config.networkingV2Client(d.Get("region").(string)) 136 if err != nil { 137 return fmt.Errorf("Error creating OpenStack networking client: %s", err) 138 } 139 140 opts := policies.UpdateOpts{} 141 142 if d.HasChange("name") { 143 opts.Name = d.Get("name").(string) 144 } 145 146 if d.HasChange("description") { 147 opts.Description = d.Get("description").(string) 148 } 149 150 if d.HasChange("rules") { 151 v := d.Get("rules").([]interface{}) 152 153 log.Printf("[DEBUG] Rules found : %#v", v) 154 log.Printf("[DEBUG] Rules count : %d", len(v)) 155 156 rules := make([]string, len(v)) 157 for i, v := range v { 158 rules[i] = v.(string) 159 } 160 opts.Rules = rules 161 } 162 163 log.Printf("[DEBUG] Updating firewall policy with id %s: %#v", d.Id(), opts) 164 165 err = policies.Update(networkingClient, d.Id(), opts).Err 166 if err != nil { 167 return err 168 } 169 170 return resourceFWPolicyV1Read(d, meta) 171 } 172 173 func resourceFWPolicyV1Delete(d *schema.ResourceData, meta interface{}) error { 174 log.Printf("[DEBUG] Destroy firewall policy: %s", d.Id()) 175 176 config := meta.(*Config) 177 networkingClient, err := config.networkingV2Client(d.Get("region").(string)) 178 if err != nil { 179 return fmt.Errorf("Error creating OpenStack networking client: %s", err) 180 } 181 182 for i := 0; i < 15; i++ { 183 184 err = policies.Delete(networkingClient, d.Id()).Err 185 if err == nil { 186 break 187 } 188 189 httpError, ok := err.(*gophercloud.UnexpectedResponseCodeError) 190 if !ok || httpError.Actual != 409 { 191 return err 192 } 193 194 // This error usually means that the policy is attached 195 // to a firewall. At this point, the firewall is probably 196 // being delete. So, we retry a few times. 197 198 time.Sleep(time.Second * 2) 199 } 200 201 return err 202 }