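// Source: github.com/turtlemonvh/terraform@v0.6.9-0.20151204001754-8e40b6b855e8/builtin/providers/openstack/resource_openstack_fw_policy_v1.go

package openstack

import (
	"fmt"
	"log"
	"time"

	"github.com/hashicorp/terraform/helper/hashcode"
	"github.com/hashicorp/terraform/helper/schema"
	"github.com/rackspace/gophercloud"
	"github.com/rackspace/gophercloud/openstack/networking/v2/extensions/fwaas/policies"
)

// resourceFWPolicyV1 returns the Terraform resource definition for an
// OpenStack FWaaS v1 firewall policy: its CRUD handlers and its schema.
func resourceFWPolicyV1() *schema.Resource {
	return &schema.Resource{
		Create: resourceFWPolicyV1Create,
		Read:   resourceFWPolicyV1Read,
		Update: resourceFWPolicyV1Update,
		Delete: resourceFWPolicyV1Delete,

		Schema: map[string]*schema.Schema{
			// Changing the region forces a new policy to be created.
			"region": &schema.Schema{
				Type:        schema.TypeString,
				Required:    true,
				ForceNew:    true,
				DefaultFunc: envDefaultFuncAllowMissing("OS_REGION_NAME"),
			},
			"name": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
			},
			"description": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
			},
			// audited and shared are updatable in place (no ForceNew).
			"audited": &schema.Schema{
				Type:     schema.TypeBool,
				Optional: true,
				Default:  false,
			},
			"shared": &schema.Schema{
				Type:     schema.TypeBool,
				Optional: true,
				Default:  false,
			},
			// Computed: when not configured, the value reported by the API
			// is stored by the read handler.
			"tenant_id": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
				ForceNew: true,
				Computed: true,
			},
			// Rule IDs, hashed by their string value.
			// NOTE(review): a set does not keep configuration order, so the
			// slice built from List() in Create/Update is not guaranteed to
			// match the order written in the configuration. If the firewall
			// evaluates policy rules in list order, that ordering matters;
			// confirm and consider an ordered type (a schema change that
			// would need a state migration, so it is not made here).
			"rules": &schema.Schema{
				Type:     schema.TypeSet,
				Optional: true,
				Elem:     &schema.Schema{Type: schema.TypeString},
				Set: func(v interface{}) int {
					return hashcode.String(v.(string))
				},
			},
		},
	}
}

// resourceFWPolicyV1Create creates the firewall policy from the configured
// attributes, stores the new ID, and refreshes state through the read handler.
func resourceFWPolicyV1Create(d *schema.ResourceData, meta interface{}) error {
	config := meta.(*Config)
	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
	if err != nil {
		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
	}

	ruleSet := d.Get("rules").(*schema.Set)

	log.Printf("[DEBUG] Rules found : %#v", ruleSet)
	log.Printf("[DEBUG] Rules count : %d", ruleSet.Len())

	// Flatten the set into the []string the API options expect.
	rules := make([]string, ruleSet.Len())
	for i, r := range ruleSet.List() {
		rules[i] = r.(string)
	}

	// CreateOpts takes pointers for the two flags, so copy them into locals.
	audited := d.Get("audited").(bool)
	shared := d.Get("shared").(bool)

	opts := policies.CreateOpts{
		Name:        d.Get("name").(string),
		Description: d.Get("description").(string),
		Audited:     &audited,
		Shared:      &shared,
		TenantID:    d.Get("tenant_id").(string),
		Rules:       rules,
	}

	log.Printf("[DEBUG] Create firewall policy: %#v", opts)

	policy, err := policies.Create(networkingClient, opts).Extract()
	if err != nil {
		return err
	}

	log.Printf("[DEBUG] Firewall policy created: %#v", policy)

	d.SetId(policy.ID)

	return resourceFWPolicyV1Read(d, meta)
}

// resourceFWPolicyV1Read fetches the policy by ID and copies its attributes
// into state. Lookup errors are handed to CheckDeleted (defined elsewhere in
// the package).
func resourceFWPolicyV1Read(d *schema.ResourceData, meta interface{}) error {
	log.Printf("[DEBUG] Retrieve information about firewall policy: %s", d.Id())

	config := meta.(*Config)
	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
	if err != nil {
		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
	}

	policy, err := policies.Get(networkingClient, d.Id()).Extract()
	if err != nil {
		return CheckDeleted(d, err, "FW policy")
	}

	d.Set("name", policy.Name)
	d.Set("description", policy.Description)
	d.Set("shared", policy.Shared)
	d.Set("audited", policy.Audited)
	d.Set("tenant_id", policy.TenantID)
	// Refresh the rule list too. Without it, rules added to or removed from
	// the policy outside Terraform never appear as a diff, so the state
	// cannot be used to detect drift in the policy's rule list.
	d.Set("rules", policy.Rules)
	return nil
}

// resourceFWPolicyV1Update sends only the attributes that changed and then
// refreshes state through the read handler.
func resourceFWPolicyV1Update(d *schema.ResourceData, meta interface{}) error {
	config := meta.(*Config)
	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
	if err != nil {
		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
	}

	opts := policies.UpdateOpts{}

	if d.HasChange("name") {
		opts.Name = d.Get("name").(string)
	}

	if d.HasChange("description") {
		opts.Description = d.Get("description").(string)
	}

	// shared and audited are declared updatable in the schema, so a change
	// to either has to reach the API; otherwise the update is a silent no-op
	// and the policy keeps its previous flags.
	if d.HasChange("shared") {
		shared := d.Get("shared").(bool)
		opts.Shared = &shared
	}

	if d.HasChange("audited") {
		audited := d.Get("audited").(bool)
		opts.Audited = &audited
	}

	if d.HasChange("rules") {
		ruleSet := d.Get("rules").(*schema.Set)

		log.Printf("[DEBUG] Rules found : %#v", ruleSet)
		log.Printf("[DEBUG] Rules count : %d", ruleSet.Len())

		// A non-nil (possibly empty) slice is built so that removing every
		// rule from the configuration is still expressed in the request.
		rules := make([]string, ruleSet.Len())
		for i, r := range ruleSet.List() {
			rules[i] = r.(string)
		}
		opts.Rules = rules
	}

	log.Printf("[DEBUG] Updating firewall policy with id %s: %#v", d.Id(), opts)

	err = policies.Update(networkingClient, d.Id(), opts).Err
	if err != nil {
		return err
	}

	return resourceFWPolicyV1Read(d, meta)
}

// resourceFWPolicyV1Delete deletes the policy, retrying up to 15 times with a
// two-second pause while the API answers 409. Any other error is returned
// immediately; if every attempt ends in 409, the last error is returned.
func resourceFWPolicyV1Delete(d *schema.ResourceData, meta interface{}) error {
	log.Printf("[DEBUG] Destroy firewall policy: %s", d.Id())

	config := meta.(*Config)
	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
	if err != nil {
		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
	}

	for attempt := 0; attempt < 15; attempt++ {
		err = policies.Delete(networkingClient, d.Id()).Err
		if err == nil {
			break
		}

		httpError, ok := err.(*gophercloud.UnexpectedResponseCodeError)
		if !ok || httpError.Actual != 409 {
			return err
		}

		// This error usually means that the policy is attached
		// to a firewall. At this point, the firewall is probably
		// being deleted. So, we retry a few times.
		time.Sleep(time.Second * 2)
	}

	return err
}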