github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/scaleway/resource_scaleway_security_group_rule.go (about)

     1  package scaleway
     2  
     3  import (
     4  	"fmt"
     5  	"log"
     6  
     7  	"github.com/hashicorp/terraform/helper/schema"
     8  	"github.com/scaleway/scaleway-cli/pkg/api"
     9  )
    10  
    11  func resourceScalewaySecurityGroupRule() *schema.Resource {
    12  	return &schema.Resource{
    13  		Create: resourceScalewaySecurityGroupRuleCreate,
    14  		Read:   resourceScalewaySecurityGroupRuleRead,
    15  		Update: resourceScalewaySecurityGroupRuleUpdate,
    16  		Delete: resourceScalewaySecurityGroupRuleDelete,
    17  		Schema: map[string]*schema.Schema{
    18  			"security_group": &schema.Schema{
    19  				Type:     schema.TypeString,
    20  				Required: true,
    21  			},
    22  			"action": &schema.Schema{
    23  				Type:     schema.TypeString,
    24  				Required: true,
    25  				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
    26  					value := v.(string)
    27  					if value != "accept" && value != "drop" {
    28  						errors = append(errors, fmt.Errorf("%q must be one of 'accept', 'drop'", k))
    29  					}
    30  					return
    31  				},
    32  			},
    33  			"direction": &schema.Schema{
    34  				Type:     schema.TypeString,
    35  				Required: true,
    36  				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
    37  					value := v.(string)
    38  					if value != "inbound" && value != "outbound" {
    39  						errors = append(errors, fmt.Errorf("%q must be one of 'inbound', 'outbound'", k))
    40  					}
    41  					return
    42  				},
    43  			},
    44  			"ip_range": &schema.Schema{
    45  				Type:     schema.TypeString,
    46  				Required: true,
    47  			},
    48  			"protocol": &schema.Schema{
    49  				Type:     schema.TypeString,
    50  				Required: true,
    51  				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
    52  					value := v.(string)
    53  					if value != "ICMP" && value != "TCP" && value != "UDP" {
    54  						errors = append(errors, fmt.Errorf("%q must be one of 'ICMP', 'TCP', 'UDP", k))
    55  					}
    56  					return
    57  				},
    58  			},
    59  			"port": &schema.Schema{
    60  				Type:     schema.TypeInt,
    61  				Optional: true,
    62  			},
    63  		},
    64  	}
    65  }
    66  
    67  func resourceScalewaySecurityGroupRuleCreate(d *schema.ResourceData, m interface{}) error {
    68  	scaleway := m.(*Client).scaleway
    69  
    70  	req := api.ScalewayNewSecurityGroupRule{
    71  		Action:       d.Get("action").(string),
    72  		Direction:    d.Get("direction").(string),
    73  		IPRange:      d.Get("ip_range").(string),
    74  		Protocol:     d.Get("protocol").(string),
    75  		DestPortFrom: d.Get("port").(int),
    76  	}
    77  
    78  	err := scaleway.PostSecurityGroupRule(d.Get("security_group").(string), req)
    79  	if err != nil {
    80  		if serr, ok := err.(api.ScalewayAPIError); ok {
    81  			log.Printf("[DEBUG] Error creating Security Group Rule: %q\n", serr.APIMessage)
    82  		}
    83  
    84  		return err
    85  	}
    86  
    87  	resp, err := scaleway.GetSecurityGroupRules(d.Get("security_group").(string))
    88  	if err != nil {
    89  		return err
    90  	}
    91  
    92  	matches := func(rule api.ScalewaySecurityGroupRule) bool {
    93  		return rule.Action == req.Action &&
    94  			rule.Direction == req.Direction &&
    95  			rule.IPRange == req.IPRange &&
    96  			rule.Protocol == req.Protocol &&
    97  			rule.DestPortFrom == req.DestPortFrom
    98  	}
    99  
   100  	for _, rule := range resp.Rules {
   101  		if matches(rule) {
   102  			d.SetId(rule.ID)
   103  			break
   104  		}
   105  	}
   106  
   107  	if d.Id() == "" {
   108  		return fmt.Errorf("Failed to find created security group rule")
   109  	}
   110  
   111  	return resourceScalewaySecurityGroupRuleRead(d, m)
   112  }
   113  
   114  func resourceScalewaySecurityGroupRuleRead(d *schema.ResourceData, m interface{}) error {
   115  	scaleway := m.(*Client).scaleway
   116  	rule, err := scaleway.GetASecurityGroupRule(d.Get("security_group").(string), d.Id())
   117  
   118  	if err != nil {
   119  		if serr, ok := err.(api.ScalewayAPIError); ok {
   120  			log.Printf("[DEBUG] error reading Security Group Rule: %q\n", serr.APIMessage)
   121  
   122  			if serr.StatusCode == 404 {
   123  				d.SetId("")
   124  				return nil
   125  			}
   126  		}
   127  
   128  		return err
   129  	}
   130  
   131  	d.Set("action", rule.Rules.Action)
   132  	d.Set("direction", rule.Rules.Direction)
   133  	d.Set("ip_range", rule.Rules.IPRange)
   134  	d.Set("protocol", rule.Rules.Protocol)
   135  	d.Set("port", rule.Rules.DestPortFrom)
   136  
   137  	return nil
   138  }
   139  
   140  func resourceScalewaySecurityGroupRuleUpdate(d *schema.ResourceData, m interface{}) error {
   141  	scaleway := m.(*Client).scaleway
   142  
   143  	var req = api.ScalewayNewSecurityGroupRule{
   144  		Action:       d.Get("action").(string),
   145  		Direction:    d.Get("direction").(string),
   146  		IPRange:      d.Get("ip_range").(string),
   147  		Protocol:     d.Get("protocol").(string),
   148  		DestPortFrom: d.Get("port").(int),
   149  	}
   150  
   151  	if err := scaleway.PutSecurityGroupRule(req, d.Get("security_group").(string), d.Id()); err != nil {
   152  		log.Printf("[DEBUG] error updating Security Group Rule: %q", err)
   153  
   154  		return err
   155  	}
   156  
   157  	return resourceScalewaySecurityGroupRuleRead(d, m)
   158  }
   159  
   160  func resourceScalewaySecurityGroupRuleDelete(d *schema.ResourceData, m interface{}) error {
   161  	scaleway := m.(*Client).scaleway
   162  
   163  	err := scaleway.DeleteSecurityGroupRule(d.Get("security_group").(string), d.Id())
   164  	if err != nil {
   165  		if serr, ok := err.(api.ScalewayAPIError); ok {
   166  			log.Printf("[DEBUG] error reading Security Group Rule: %q\n", serr.APIMessage)
   167  
   168  			if serr.StatusCode == 404 {
   169  				d.SetId("")
   170  				return nil
   171  			}
   172  		}
   173  
   174  		return err
   175  	}
   176  
   177  	d.SetId("")
   178  	return nil
   179  }