github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/scaleway/resource_scaleway_security_group_rule.go (about) 1 package scaleway 2 3 import ( 4 "fmt" 5 "log" 6 7 "github.com/hashicorp/terraform/helper/schema" 8 "github.com/scaleway/scaleway-cli/pkg/api" 9 ) 10 11 func resourceScalewaySecurityGroupRule() *schema.Resource { 12 return &schema.Resource{ 13 Create: resourceScalewaySecurityGroupRuleCreate, 14 Read: resourceScalewaySecurityGroupRuleRead, 15 Update: resourceScalewaySecurityGroupRuleUpdate, 16 Delete: resourceScalewaySecurityGroupRuleDelete, 17 Schema: map[string]*schema.Schema{ 18 "security_group": &schema.Schema{ 19 Type: schema.TypeString, 20 Required: true, 21 }, 22 "action": &schema.Schema{ 23 Type: schema.TypeString, 24 Required: true, 25 ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) { 26 value := v.(string) 27 if value != "accept" && value != "drop" { 28 errors = append(errors, fmt.Errorf("%q must be one of 'accept', 'drop'", k)) 29 } 30 return 31 }, 32 }, 33 "direction": &schema.Schema{ 34 Type: schema.TypeString, 35 Required: true, 36 ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) { 37 value := v.(string) 38 if value != "inbound" && value != "outbound" { 39 errors = append(errors, fmt.Errorf("%q must be one of 'inbound', 'outbound'", k)) 40 } 41 return 42 }, 43 }, 44 "ip_range": &schema.Schema{ 45 Type: schema.TypeString, 46 Required: true, 47 }, 48 "protocol": &schema.Schema{ 49 Type: schema.TypeString, 50 Required: true, 51 ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) { 52 value := v.(string) 53 if value != "ICMP" && value != "TCP" && value != "UDP" { 54 errors = append(errors, fmt.Errorf("%q must be one of 'ICMP', 'TCP', 'UDP", k)) 55 } 56 return 57 }, 58 }, 59 "port": &schema.Schema{ 60 Type: schema.TypeInt, 61 Optional: true, 62 }, 63 }, 64 } 65 } 66 67 func resourceScalewaySecurityGroupRuleCreate(d *schema.ResourceData, m interface{}) error { 68 scaleway := m.(*Client).scaleway 69 70 req := api.ScalewayNewSecurityGroupRule{ 71 Action: d.Get("action").(string), 72 Direction: d.Get("direction").(string), 73 IPRange: d.Get("ip_range").(string), 74 Protocol: d.Get("protocol").(string), 75 DestPortFrom: d.Get("port").(int), 76 } 77 78 err := scaleway.PostSecurityGroupRule(d.Get("security_group").(string), req) 79 if err != nil { 80 if serr, ok := err.(api.ScalewayAPIError); ok { 81 log.Printf("[DEBUG] Error creating Security Group Rule: %q\n", serr.APIMessage) 82 } 83 84 return err 85 } 86 87 resp, err := scaleway.GetSecurityGroupRules(d.Get("security_group").(string)) 88 if err != nil { 89 return err 90 } 91 92 matches := func(rule api.ScalewaySecurityGroupRule) bool { 93 return rule.Action == req.Action && 94 rule.Direction == req.Direction && 95 rule.IPRange == req.IPRange && 96 rule.Protocol == req.Protocol && 97 rule.DestPortFrom == req.DestPortFrom 98 } 99 100 for _, rule := range resp.Rules { 101 if matches(rule) { 102 d.SetId(rule.ID) 103 break 104 } 105 } 106 107 if d.Id() == "" { 108 return fmt.Errorf("Failed to find created security group rule") 109 } 110 111 return resourceScalewaySecurityGroupRuleRead(d, m) 112 } 113 114 func resourceScalewaySecurityGroupRuleRead(d *schema.ResourceData, m interface{}) error { 115 scaleway := m.(*Client).scaleway 116 rule, err := scaleway.GetASecurityGroupRule(d.Get("security_group").(string), d.Id()) 117 118 if err != nil { 119 if serr, ok := err.(api.ScalewayAPIError); ok { 120 log.Printf("[DEBUG] error reading Security Group Rule: %q\n", serr.APIMessage) 121 122 if serr.StatusCode == 404 { 123 d.SetId("") 124 return nil 125 } 126 } 127 128 return err 129 } 130 131 d.Set("action", rule.Rules.Action) 132 d.Set("direction", rule.Rules.Direction) 133 d.Set("ip_range", rule.Rules.IPRange) 134 d.Set("protocol", rule.Rules.Protocol) 135 d.Set("port", rule.Rules.DestPortFrom) 136 137 return nil 138 } 139 140 func resourceScalewaySecurityGroupRuleUpdate(d *schema.ResourceData, m interface{}) error { 141 scaleway := m.(*Client).scaleway 142 143 var req = api.ScalewayNewSecurityGroupRule{ 144 Action: d.Get("action").(string), 145 Direction: d.Get("direction").(string), 146 IPRange: d.Get("ip_range").(string), 147 Protocol: d.Get("protocol").(string), 148 DestPortFrom: d.Get("port").(int), 149 } 150 151 if err := scaleway.PutSecurityGroupRule(req, d.Get("security_group").(string), d.Id()); err != nil { 152 log.Printf("[DEBUG] error updating Security Group Rule: %q", err) 153 154 return err 155 } 156 157 return resourceScalewaySecurityGroupRuleRead(d, m) 158 } 159 160 func resourceScalewaySecurityGroupRuleDelete(d *schema.ResourceData, m interface{}) error { 161 scaleway := m.(*Client).scaleway 162 163 err := scaleway.DeleteSecurityGroupRule(d.Get("security_group").(string), d.Id()) 164 if err != nil { 165 if serr, ok := err.(api.ScalewayAPIError); ok { 166 log.Printf("[DEBUG] error reading Security Group Rule: %q\n", serr.APIMessage) 167 168 if serr.StatusCode == 404 { 169 d.SetId("") 170 return nil 171 } 172 } 173 174 return err 175 } 176 177 d.SetId("") 178 return nil 179 }