github.com/renier/terraform@v0.7.8-0.20161024133817-eb8a9ef5471a/builtin/providers/openstack/resource_openstack_fw_rule_v1.go (about) 1 package openstack 2 3 import ( 4 "fmt" 5 "log" 6 7 "github.com/gophercloud/gophercloud" 8 "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/fwaas/policies" 9 "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/fwaas/rules" 10 "github.com/hashicorp/terraform/helper/schema" 11 ) 12 13 func resourceFWRuleV1() *schema.Resource { 14 return &schema.Resource{ 15 Create: resourceFWRuleV1Create, 16 Read: resourceFWRuleV1Read, 17 Update: resourceFWRuleV1Update, 18 Delete: resourceFWRuleV1Delete, 19 Importer: &schema.ResourceImporter{ 20 State: schema.ImportStatePassthrough, 21 }, 22 23 Schema: map[string]*schema.Schema{ 24 "region": &schema.Schema{ 25 Type: schema.TypeString, 26 Required: true, 27 ForceNew: true, 28 DefaultFunc: schema.EnvDefaultFunc("OS_REGION_NAME", ""), 29 }, 30 "name": &schema.Schema{ 31 Type: schema.TypeString, 32 Optional: true, 33 }, 34 "description": &schema.Schema{ 35 Type: schema.TypeString, 36 Optional: true, 37 }, 38 "protocol": &schema.Schema{ 39 Type: schema.TypeString, 40 Required: true, 41 }, 42 "action": &schema.Schema{ 43 Type: schema.TypeString, 44 Required: true, 45 }, 46 "ip_version": &schema.Schema{ 47 Type: schema.TypeInt, 48 Optional: true, 49 Default: 4, 50 }, 51 "source_ip_address": &schema.Schema{ 52 Type: schema.TypeString, 53 Optional: true, 54 }, 55 "destination_ip_address": &schema.Schema{ 56 Type: schema.TypeString, 57 Optional: true, 58 }, 59 "source_port": &schema.Schema{ 60 Type: schema.TypeString, 61 Optional: true, 62 }, 63 "destination_port": &schema.Schema{ 64 Type: schema.TypeString, 65 Optional: true, 66 }, 67 "enabled": &schema.Schema{ 68 Type: schema.TypeBool, 69 Optional: true, 70 Default: true, 71 }, 72 "tenant_id": &schema.Schema{ 73 Type: schema.TypeString, 74 Optional: true, 75 ForceNew: true, 76 }, 77 }, 78 } 79 } 80 81 func resourceFWRuleV1Create(d *schema.ResourceData, meta interface{}) error { 82 83 config := meta.(*Config) 84 networkingClient, err := config.networkingV2Client(d.Get("region").(string)) 85 if err != nil { 86 return fmt.Errorf("Error creating OpenStack networking client: %s", err) 87 } 88 89 enabled := d.Get("enabled").(bool) 90 ipVersion := resourceFWRuleV1DetermineIPVersion(d.Get("ip_version").(int)) 91 92 ruleConfiguration := rules.CreateOpts{ 93 Name: d.Get("name").(string), 94 Description: d.Get("description").(string), 95 Protocol: d.Get("protocol").(string), 96 Action: d.Get("action").(string), 97 IPVersion: ipVersion, 98 SourceIPAddress: d.Get("source_ip_address").(string), 99 DestinationIPAddress: d.Get("destination_ip_address").(string), 100 SourcePort: d.Get("source_port").(string), 101 DestinationPort: d.Get("destination_port").(string), 102 Enabled: &enabled, 103 TenantID: d.Get("tenant_id").(string), 104 } 105 106 if v, ok := d.GetOk("ip_version"); ok { 107 ipVersion := resourceFWRuleV1DetermineIPVersion(v.(int)) 108 ruleConfiguration.IPVersion = ipVersion 109 } 110 111 log.Printf("[DEBUG] Create firewall rule: %#v", ruleConfiguration) 112 113 rule, err := rules.Create(networkingClient, ruleConfiguration).Extract() 114 115 if err != nil { 116 return err 117 } 118 119 log.Printf("[DEBUG] Firewall rule with id %s : %#v", rule.ID, rule) 120 121 d.SetId(rule.ID) 122 123 return resourceFWRuleV1Read(d, meta) 124 } 125 126 func resourceFWRuleV1Read(d *schema.ResourceData, meta interface{}) error { 127 log.Printf("[DEBUG] Retrieve information about firewall rule: %s", d.Id()) 128 129 config := meta.(*Config) 130 networkingClient, err := config.networkingV2Client(d.Get("region").(string)) 131 if err != nil { 132 return fmt.Errorf("Error creating OpenStack networking client: %s", err) 133 } 134 135 rule, err := rules.Get(networkingClient, d.Id()).Extract() 136 if err != nil { 137 return CheckDeleted(d, err, "FW rule") 138 } 139 140 log.Printf("[DEBUG] Read OpenStack Firewall Rule %s: %#v", d.Id(), rule) 141 142 d.Set("protocol", rule.Protocol) 143 d.Set("action", rule.Action) 144 d.Set("name", rule.Name) 145 d.Set("description", rule.Description) 146 d.Set("ip_version", rule.IPVersion) 147 d.Set("source_ip_address", rule.SourceIPAddress) 148 d.Set("destination_ip_address", rule.DestinationIPAddress) 149 d.Set("source_port", rule.SourcePort) 150 d.Set("destination_port", rule.DestinationPort) 151 d.Set("enabled", rule.Enabled) 152 153 return nil 154 } 155 156 func resourceFWRuleV1Update(d *schema.ResourceData, meta interface{}) error { 157 config := meta.(*Config) 158 networkingClient, err := config.networkingV2Client(d.Get("region").(string)) 159 if err != nil { 160 return fmt.Errorf("Error creating OpenStack networking client: %s", err) 161 } 162 163 opts := rules.UpdateOpts{} 164 165 if d.HasChange("name") { 166 v := d.Get("name").(string) 167 opts.Name = &v 168 } 169 170 if d.HasChange("description") { 171 v := d.Get("description").(string) 172 opts.Description = &v 173 } 174 175 if d.HasChange("protocol") { 176 v := d.Get("protocol").(string) 177 opts.Protocol = &v 178 } 179 180 if d.HasChange("action") { 181 v := d.Get("action").(string) 182 opts.Action = &v 183 } 184 185 if d.HasChange("ip_version") { 186 v := d.Get("ip_version").(int) 187 ipVersion := resourceFWRuleV1DetermineIPVersion(v) 188 opts.IPVersion = &ipVersion 189 } 190 191 if d.HasChange("source_ip_address") { 192 v := d.Get("source_ip_address").(string) 193 opts.SourceIPAddress = &v 194 } 195 196 if d.HasChange("destination_ip_address") { 197 v := d.Get("destination_ip_address").(string) 198 opts.DestinationIPAddress = &v 199 } 200 201 if d.HasChange("source_port") { 202 v := d.Get("source_port").(string) 203 opts.SourcePort = &v 204 } 205 206 if d.HasChange("destination_port") { 207 v := d.Get("destination_port").(string) 208 opts.DestinationPort = &v 209 } 210 211 if d.HasChange("enabled") { 212 v := d.Get("enabled").(bool) 213 opts.Enabled = &v 214 } 215 216 log.Printf("[DEBUG] Updating firewall rules: %#v", opts) 217 218 err = rules.Update(networkingClient, d.Id(), opts).Err 219 if err != nil { 220 return err 221 } 222 223 return resourceFWRuleV1Read(d, meta) 224 } 225 226 func resourceFWRuleV1Delete(d *schema.ResourceData, meta interface{}) error { 227 log.Printf("[DEBUG] Destroy firewall rule: %s", d.Id()) 228 229 config := meta.(*Config) 230 networkingClient, err := config.networkingV2Client(d.Get("region").(string)) 231 if err != nil { 232 return fmt.Errorf("Error creating OpenStack networking client: %s", err) 233 } 234 235 rule, err := rules.Get(networkingClient, d.Id()).Extract() 236 if err != nil { 237 return err 238 } 239 240 if rule.PolicyID != "" { 241 _, err := policies.RemoveRule(networkingClient, rule.PolicyID, rule.ID).Extract() 242 if err != nil { 243 return err 244 } 245 } 246 247 return rules.Delete(networkingClient, d.Id()).Err 248 } 249 250 func resourceFWRuleV1DetermineIPVersion(ipv int) gophercloud.IPVersion { 251 // Determine the IP Version 252 var ipVersion gophercloud.IPVersion 253 switch ipv { 254 case 4: 255 ipVersion = gophercloud.IPv4 256 case 6: 257 ipVersion = gophercloud.IPv6 258 } 259 260 return ipVersion 261 }