package openstack
import (
"bytes"
"fmt"
"log"
"time"
"github.com/hashicorp/terraform/helper/hashcode"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/helper/schema"
"github.com/rackspace/gophercloud"
"github.com/rackspace/gophercloud/openstack/compute/v2/extensions/secgroups"
)
// resourceComputeSecGroupV2 returns the Terraform resource definition for an
// OpenStack compute (Nova) v2 security group and its inline rules.
//
// "region" is ForceNew, so moving a group between regions replaces it;
// "name" and "description" are changed in place. Each "rule" entry is one
// rule of the group: "id" is computed from the API, "cidr", "from_group_id"
// and "self" select the rule's source (see resourceSecGroupRuleCreateOptsV2
// for how they combine), and "self" carries an explicit Default so the key
// is presumably always present in the raw map the rule helpers read.
func resourceComputeSecGroupV2() *schema.Resource {
	return &schema.Resource{
		Create: resourceComputeSecGroupV2Create,
		Read:   resourceComputeSecGroupV2Read,
		Update: resourceComputeSecGroupV2Update,
		Delete: resourceComputeSecGroupV2Delete,

		Schema: map[string]*schema.Schema{
			"region": &schema.Schema{
				Type:        schema.TypeString,
				Required:    true,
				ForceNew:    true,
				DefaultFunc: envDefaultFuncAllowMissing("OS_REGION_NAME"),
			},
			"name": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
			},
			"description": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
			},
			"rule": &schema.Schema{
				Type:     schema.TypeList,
				Optional: true,
				Elem: &schema.Resource{
					Schema: resourceComputeSecGroupRuleV2Schema(),
				},
			},
		},
	}
}

// resourceComputeSecGroupRuleV2Schema describes one element of the "rule"
// list. None of the fields is ForceNew: rule changes are reconciled by the
// Update function instead of replacing the whole group.
func resourceComputeSecGroupRuleV2Schema() map[string]*schema.Schema {
	return map[string]*schema.Schema{
		"id": &schema.Schema{
			Type:     schema.TypeString,
			Computed: true,
		},
		"from_port": &schema.Schema{
			Type:     schema.TypeInt,
			Required: true,
		},
		"to_port": &schema.Schema{
			Type:     schema.TypeInt,
			Required: true,
		},
		"ip_protocol": &schema.Schema{
			Type:     schema.TypeString,
			Required: true,
		},
		"cidr": &schema.Schema{
			Type:     schema.TypeString,
			Optional: true,
		},
		"from_group_id": &schema.Schema{
			Type:     schema.TypeString,
			Optional: true,
		},
		"self": &schema.Schema{
			Type:     schema.TypeBool,
			Optional: true,
			Default:  false,
		},
	}
}
// resourceComputeSecGroupV2Create creates the security group and then each
// inline rule. The resource ID is recorded as soon as the group exists, so a
// failure while adding rules leaves the (partially configured) group tracked
// under its ID instead of orphaned in OpenStack.
func resourceComputeSecGroupV2Create(d *schema.ResourceData, meta interface{}) error {
	config := meta.(*Config)
	client, err := config.computeV2Client(d.Get("region").(string))
	if err != nil {
		return fmt.Errorf("Error creating OpenStack compute client: %s", err)
	}

	opts := secgroups.CreateOpts{
		Name:        d.Get("name").(string),
		Description: d.Get("description").(string),
	}
	log.Printf("[DEBUG] Create Options: %#v", opts)

	group, err := secgroups.Create(client, opts).Extract()
	if err != nil {
		return fmt.Errorf("Error creating OpenStack security group: %s", err)
	}
	// The rule helpers use d.Id() as ParentGroupID, so the ID must be set
	// before they run.
	d.SetId(group.ID)

	for _, ruleOpts := range resourceSecGroupRulesV2(d) {
		if _, err := secgroups.CreateRule(client, ruleOpts).Extract(); err != nil {
			return fmt.Errorf("Error creating OpenStack security group rule: %s", err)
		}
	}

	return resourceComputeSecGroupV2Read(d, meta)
}
// resourceComputeSecGroupV2Read refreshes name, description and the rule
// list from the API. A rule whose source group name equals this group's
// name is marked as "self". The values written for "self" are the strings
// "1" and "0" even though the field is TypeBool; that is what the original
// code does, presumably relying on the schema writer's type coercion —
// confirm before changing it.
func resourceComputeSecGroupV2Read(d *schema.ResourceData, meta interface{}) error {
	config := meta.(*Config)
	client, err := config.computeV2Client(d.Get("region").(string))
	if err != nil {
		return fmt.Errorf("Error creating OpenStack compute client: %s", err)
	}

	group, err := secgroups.Get(client, d.Id()).Extract()
	if err != nil {
		// CheckDeleted decides whether a failed read means the group is gone.
		return CheckDeleted(d, err, "security group")
	}

	d.Set("name", group.Name)
	d.Set("description", group.Description)

	rules := rulesToMap(group.Rules)
	ownName := d.Get("name")
	for _, rule := range rules {
		selfFlag := "0"
		if rule["group"] == ownName {
			selfFlag = "1"
		}
		rule["self"] = selfFlag
	}
	log.Printf("[DEBUG] rulesToMap(sg.Rules): %+v", rules)
	d.Set("rule", rules)

	return nil
}
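// resourceComputeSecGroupV2Update pushes name/description to the API and then
// reconciles the "rule" list when it changed: rules only in the new
// configuration are created, rules only in the old one are deleted. Rules
// are matched by secgroupRuleV2Hash, so a change confined to a field that
// hash does not cover is not detected here.
func resourceComputeSecGroupV2Update(d *schema.ResourceData, meta interface{}) error {
	config := meta.(*Config)
	computeClient, err := config.computeV2Client(d.Get("region").(string))
	if err != nil {
		return fmt.Errorf("Error creating OpenStack compute client: %s", err)
	}

	updateOpts := secgroups.UpdateOpts{
		Name:        d.Get("name").(string),
		Description: d.Get("description").(string),
	}
	log.Printf("[DEBUG] Updating Security Group (%s) with options: %+v", d.Id(), updateOpts)
	if _, err := secgroups.Update(computeClient, d.Id(), updateOpts).Extract(); err != nil {
		return fmt.Errorf("Error updating OpenStack security group (%s): %s", d.Id(), err)
	}

	if d.HasChange("rule") {
		if err := resourceComputeSecGroupV2UpdateRules(d, computeClient); err != nil {
			return err
		}
	}

	return resourceComputeSecGroupV2Read(d, meta)
}

// resourceComputeSecGroupV2UpdateRules applies the rule-list diff for the
// security group d.Id(). Additions run before removals, so old and new
// rules are both in effect for the short window in between; a rule that is
// already gone (HTTP 404) is treated as removed. Every other failure is
// returned together with its underlying cause.
func resourceComputeSecGroupV2UpdateRules(d *schema.ResourceData, computeClient *gophercloud.ServiceClient) error {
	oldRaw, newRaw := d.GetChange("rule")
	oldSet := schema.NewSet(secgroupRuleV2Hash, oldRaw.([]interface{}))
	newSet := schema.NewSet(secgroupRuleV2Hash, newRaw.([]interface{}))
	toAdd := newSet.Difference(oldSet)
	toRemove := oldSet.Difference(newSet)

	log.Printf("[DEBUG] Security group rules to add: %v", toAdd)
	log.Printf("[DEBUG] Security groups rules to remove: %v", toRemove)

	for _, raw := range toAdd.List() {
		createRuleOpts := resourceSecGroupRuleCreateOptsV2(d, raw)
		rule, err := secgroups.CreateRule(computeClient, createRuleOpts).Extract()
		if err != nil {
			return fmt.Errorf("Error adding rule to OpenStack security group (%s): %s", d.Id(), err)
		}
		log.Printf("[DEBUG] Added rule (%s) to OpenStack security group (%s) ", rule.ID, d.Id())
	}

	for _, raw := range toRemove.List() {
		rule := resourceSecGroupRuleV2(d, raw)
		err := secgroups.DeleteRule(computeClient, rule.ID).ExtractErr()
		if err == nil {
			log.Printf("[DEBUG] Removed rule (%s) from OpenStack security group (%s)", rule.ID, d.Id())
			continue
		}
		// 404 means the desired end state is already reached.
		if respErr, ok := err.(*gophercloud.UnexpectedResponseCodeError); ok && respErr.Actual == 404 {
			continue
		}
		// Previously a non-404 response code dropped err from the message,
		// hiding the reason the rule could not be removed.
		return fmt.Errorf("Error removing rule (%s) from OpenStack security group (%s): %s", rule.ID, d.Id(), err)
	}

	return nil
}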
// resourceComputeSecGroupV2Delete removes the security group. The work is
// driven through a StateChangeConf: SecGroupV2StateRefreshFunc issues the
// delete and reports "ACTIVE" until the group can no longer be read, and
// the wait gives up after ten minutes. The ID is cleared only on success.
func resourceComputeSecGroupV2Delete(d *schema.ResourceData, meta interface{}) error {
	config := meta.(*Config)
	client, err := config.computeV2Client(d.Get("region").(string))
	if err != nil {
		return fmt.Errorf("Error creating OpenStack compute client: %s", err)
	}

	wait := &resource.StateChangeConf{
		Pending:    []string{"ACTIVE"},
		Target:     "DELETED",
		Refresh:    SecGroupV2StateRefreshFunc(client, d),
		Timeout:    10 * time.Minute,
		Delay:      10 * time.Second,
		MinTimeout: 3 * time.Second,
	}
	if _, err = wait.WaitForState(); err != nil {
		return fmt.Errorf("Error deleting OpenStack security group: %s", err)
	}

	d.SetId("")
	return nil
}
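// resourceSecGroupRulesV2 converts every entry of the "rule" list into the
// CreateRuleOpts needed to create it under the group d.Id(). It is the bulk
// form of resourceSecGroupRuleCreateOptsV2 and delegates to it, so the two
// field mappings cannot drift apart. d.Id() must already be set.
func resourceSecGroupRulesV2(d *schema.ResourceData) []secgroups.CreateRuleOpts {
	rawRules := d.Get("rule").([]interface{})
	opts := make([]secgroups.CreateRuleOpts, 0, len(rawRules))
	for _, raw := range rawRules {
		opts = append(opts, resourceSecGroupRuleCreateOptsV2(d, raw))
	}
	return opts
}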
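// resourceSecGroupRuleCreateOptsV2 maps one raw "rule" element (a
// map[string]interface{} as produced by the schema) to the CreateRuleOpts
// for creating it under the group d.Id().
//
// The rule's source is either "cidr" or a source group; "self" makes the
// group reference itself and takes precedence over "from_group_id". The
// optional keys are read with the two-value assertion so a missing or nil
// entry yields the zero value instead of a panic; the required keys keep
// the single-value form, since their absence is a schema bug.
func resourceSecGroupRuleCreateOptsV2(d *schema.ResourceData, raw interface{}) secgroups.CreateRuleOpts {
	rawMap := raw.(map[string]interface{})

	groupID, _ := rawMap["from_group_id"].(string)
	if self, _ := rawMap["self"].(bool); self {
		groupID = d.Id()
	}
	cidr, _ := rawMap["cidr"].(string)

	return secgroups.CreateRuleOpts{
		ParentGroupID: d.Id(),
		FromPort:      rawMap["from_port"].(int),
		ToPort:        rawMap["to_port"].(int),
		IPProtocol:    rawMap["ip_protocol"].(string),
		CIDR:          cidr,
		FromGroupID:   groupID,
	}
}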
// resourceSecGroupRuleV2 rebuilds a secgroups.Rule from one raw "rule"
// element so that its ID can be handed to DeleteRule. Only the keys present
// in the raw map are filled; the Group field stays at its zero value.
func resourceSecGroupRuleV2(d *schema.ResourceData, raw interface{}) secgroups.Rule {
	m := raw.(map[string]interface{})
	rule := secgroups.Rule{
		ID:            m["id"].(string),
		ParentGroupID: d.Id(),
		FromPort:      m["from_port"].(int),
		ToPort:        m["to_port"].(int),
		IPProtocol:    m["ip_protocol"].(string),
	}
	rule.IPRange.CIDR = m["cidr"].(string)
	return rule
}
// rulesToMap flattens API rules into the map form stored in the "rule"
// list. "group" carries the source group's name and is not itself a schema
// field; the Read function uses it to derive "self". "from_group_id" is not
// populated here.
func rulesToMap(sgrs []secgroups.Rule) []map[string]interface{} {
	out := make([]map[string]interface{}, 0, len(sgrs))
	for i := range sgrs {
		r := &sgrs[i]
		out = append(out, map[string]interface{}{
			"id":          r.ID,
			"from_port":   r.FromPort,
			"to_port":     r.ToPort,
			"ip_protocol": r.IPProtocol,
			"cidr":        r.IPRange.CIDR,
			"group":       r.Group.Name,
		})
	}
	return out
}
// secgroupRuleV2Hash is the set hash Update uses to diff the old and new
// "rule" lists. Two rules hash equal when from_port, to_port, ip_protocol
// and cidr agree; "from_group_id" and "self" are not part of the key, so a
// rule whose only difference is its source group compares equal to the
// existing one and is neither re-created nor removed. Keep that in mind
// when reviewing changes to group-sourced rules.
func secgroupRuleV2Hash(v interface{}) int {
	m := v.(map[string]interface{})
	var key bytes.Buffer
	fmt.Fprintf(&key, "%d-", m["from_port"].(int))
	fmt.Fprintf(&key, "%d-", m["to_port"].(int))
	fmt.Fprintf(&key, "%s-", m["ip_protocol"].(string))
	fmt.Fprintf(&key, "%s-", m["cidr"].(string))
	return hashcode.String(key.String())
}
// SecGroupV2StateRefreshFunc returns a StateRefreshFunc that drives deletion
// of the security group d.Id(). Every invocation issues the delete and then
// reads the group back: "ACTIVE" while the read still succeeds, "DELETED"
// once the read fails and CheckDeleted returns nil for that failure. Any
// other error, from the delete or the read, is returned and ends the wait.
func SecGroupV2StateRefreshFunc(computeClient *gophercloud.ServiceClient, d *schema.ResourceData) resource.StateRefreshFunc {
	return func() (interface{}, string, error) {
		log.Printf("[DEBUG] Attempting to delete Security Group %s.\n", d.Id())
		if err := secgroups.Delete(computeClient, d.Id()).ExtractErr(); err != nil {
			return nil, "", err
		}

		sg, err := secgroups.Get(computeClient, d.Id()).Extract()
		if err == nil {
			log.Printf("[DEBUG] Security Group %s still active.\n", d.Id())
			return sg, "ACTIVE", nil
		}
		if err = CheckDeleted(d, err, "Security Group"); err != nil {
			return sg, "", err
		}
		log.Printf("[DEBUG] Successfully deleted Security Group %s", d.Id())
		return sg, "DELETED", nil
	}
}