github.com/tam7t/terraform@v0.7.0-rc2.0.20160705125922-be2469a05c5e/builtin/providers/azurerm/resource_arm_network_security_rule.go (about) 1 package azurerm 2 3 import ( 4 "fmt" 5 "net/http" 6 7 "github.com/Azure/azure-sdk-for-go/arm/network" 8 "github.com/hashicorp/terraform/helper/schema" 9 ) 10 11 func resourceArmNetworkSecurityRule() *schema.Resource { 12 return &schema.Resource{ 13 Create: resourceArmNetworkSecurityRuleCreate, 14 Read: resourceArmNetworkSecurityRuleRead, 15 Update: resourceArmNetworkSecurityRuleCreate, 16 Delete: resourceArmNetworkSecurityRuleDelete, 17 18 Schema: map[string]*schema.Schema{ 19 "name": { 20 Type: schema.TypeString, 21 Required: true, 22 ForceNew: true, 23 }, 24 25 "resource_group_name": { 26 Type: schema.TypeString, 27 Required: true, 28 ForceNew: true, 29 }, 30 31 "network_security_group_name": { 32 Type: schema.TypeString, 33 Required: true, 34 }, 35 36 "description": { 37 Type: schema.TypeString, 38 Optional: true, 39 ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) { 40 value := v.(string) 41 if len(value) > 140 { 42 errors = append(errors, fmt.Errorf( 43 "The network security rule description can be no longer than 140 chars")) 44 } 45 return 46 }, 47 }, 48 49 "protocol": { 50 Type: schema.TypeString, 51 Required: true, 52 ValidateFunc: validateNetworkSecurityRuleProtocol, 53 }, 54 55 "source_port_range": { 56 Type: schema.TypeString, 57 Required: true, 58 }, 59 60 "destination_port_range": { 61 Type: schema.TypeString, 62 Required: true, 63 }, 64 65 "source_address_prefix": { 66 Type: schema.TypeString, 67 Required: true, 68 }, 69 70 "destination_address_prefix": { 71 Type: schema.TypeString, 72 Required: true, 73 }, 74 75 "access": { 76 Type: schema.TypeString, 77 Required: true, 78 ValidateFunc: validateNetworkSecurityRuleAccess, 79 }, 80 81 "priority": { 82 Type: schema.TypeInt, 83 Required: true, 84 ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) { 85 value := v.(int) 86 if value < 100 || value > 4096 { 87 errors = append(errors, fmt.Errorf( 88 "The `priority` can only be between 100 and 4096")) 89 } 90 return 91 }, 92 }, 93 94 "direction": { 95 Type: schema.TypeString, 96 Required: true, 97 ValidateFunc: validateNetworkSecurityRuleDirection, 98 }, 99 }, 100 } 101 } 102 103 func resourceArmNetworkSecurityRuleCreate(d *schema.ResourceData, meta interface{}) error { 104 client := meta.(*ArmClient) 105 secClient := client.secRuleClient 106 107 name := d.Get("name").(string) 108 nsgName := d.Get("network_security_group_name").(string) 109 resGroup := d.Get("resource_group_name").(string) 110 111 source_port_range := d.Get("source_port_range").(string) 112 destination_port_range := d.Get("destination_port_range").(string) 113 source_address_prefix := d.Get("source_address_prefix").(string) 114 destination_address_prefix := d.Get("destination_address_prefix").(string) 115 priority := int32(d.Get("priority").(int)) 116 access := d.Get("access").(string) 117 direction := d.Get("direction").(string) 118 protocol := d.Get("protocol").(string) 119 120 armMutexKV.Lock(nsgName) 121 defer armMutexKV.Unlock(nsgName) 122 123 properties := network.SecurityRulePropertiesFormat{ 124 SourcePortRange: &source_port_range, 125 DestinationPortRange: &destination_port_range, 126 SourceAddressPrefix: &source_address_prefix, 127 DestinationAddressPrefix: &destination_address_prefix, 128 Priority: &priority, 129 Access: network.SecurityRuleAccess(access), 130 Direction: network.SecurityRuleDirection(direction), 131 Protocol: network.SecurityRuleProtocol(protocol), 132 } 133 134 if v, ok := d.GetOk("description"); ok { 135 description := v.(string) 136 properties.Description = &description 137 } 138 139 sgr := network.SecurityRule{ 140 Name: &name, 141 Properties: &properties, 142 } 143 144 _, err := secClient.CreateOrUpdate(resGroup, nsgName, name, sgr, make(chan struct{})) 145 if err != nil { 146 return err 147 } 148 149 read, err := secClient.Get(resGroup, nsgName, name) 150 if err != nil { 151 return err 152 } 153 if read.ID == nil { 154 return fmt.Errorf("Cannot read Security Group Rule %s/%s (resource group %s) ID", 155 nsgName, name, resGroup) 156 } 157 158 d.SetId(*read.ID) 159 160 return resourceArmNetworkSecurityRuleRead(d, meta) 161 } 162 163 func resourceArmNetworkSecurityRuleRead(d *schema.ResourceData, meta interface{}) error { 164 secRuleClient := meta.(*ArmClient).secRuleClient 165 166 id, err := parseAzureResourceID(d.Id()) 167 if err != nil { 168 return err 169 } 170 resGroup := id.ResourceGroup 171 networkSGName := id.Path["networkSecurityGroups"] 172 sgRuleName := id.Path["securityRules"] 173 174 resp, err := secRuleClient.Get(resGroup, networkSGName, sgRuleName) 175 if resp.StatusCode == http.StatusNotFound { 176 d.SetId("") 177 return nil 178 } 179 if err != nil { 180 return fmt.Errorf("Error making Read request on Azure Network Security Rule %s: %s", sgRuleName, err) 181 } 182 183 return nil 184 } 185 186 func resourceArmNetworkSecurityRuleDelete(d *schema.ResourceData, meta interface{}) error { 187 client := meta.(*ArmClient) 188 secRuleClient := client.secRuleClient 189 190 id, err := parseAzureResourceID(d.Id()) 191 if err != nil { 192 return err 193 } 194 resGroup := id.ResourceGroup 195 nsgName := id.Path["networkSecurityGroups"] 196 sgRuleName := id.Path["securityRules"] 197 198 armMutexKV.Lock(nsgName) 199 defer armMutexKV.Unlock(nsgName) 200 201 _, err = secRuleClient.Delete(resGroup, nsgName, sgRuleName, make(chan struct{})) 202 203 return err 204 }