terraform/builtin/providers/scaleway/resource_scaleway_security_...

180 lines
4.7 KiB
Go
Raw Normal View History

Add scaleway provider (#7331) * Add scaleway provider this PR allows the entire scaleway stack to be managed with terraform example usage looks like this: ``` provider "scaleway" { api_key = "snap" organization = "snip" } resource "scaleway_ip" "base" { server = "${scaleway_server.base.id}" } resource "scaleway_server" "base" { name = "test" # ubuntu 14.04 image = "aecaed73-51a5-4439-a127-6d8229847145" type = "C2S" } resource "scaleway_volume" "test" { name = "test" size_in_gb = 20 type = "l_ssd" } resource "scaleway_volume_attachment" "test" { server = "${scaleway_server.base.id}" volume = "${scaleway_volume.test.id}" } resource "scaleway_security_group" "base" { name = "public" description = "public gateway" } resource "scaleway_security_group_rule" "http-ingress" { security_group = "${scaleway_security_group.base.id}" action = "accept" direction = "inbound" ip_range = "0.0.0.0/0" protocol = "TCP" port = 80 } resource "scaleway_security_group_rule" "http-egress" { security_group = "${scaleway_security_group.base.id}" action = "accept" direction = "outbound" ip_range = "0.0.0.0/0" protocol = "TCP" port = 80 } ``` Note that volume attachments require the server to be stopped, which can lead to downtimes of you attach new volumes to already used servers * Update IP read to handle 404 gracefully * Read back resource on update * Ensure IP detachment works as expected Sadly this is not part of the official scaleway api just yet * Adjust detachIP helper based on feedback from @QuentinPerez in https://github.com/scaleway/scaleway-cli/pull/378 * Cleanup documentation * Rename api_key to access_key following @stack72 suggestion and rename the provider api_key for more clarity * Make tests less chatty by using custom logger
2016-07-13 22:03:41 +02:00
package scaleway
import (
"fmt"
"log"
"github.com/hashicorp/terraform/helper/schema"
"github.com/scaleway/scaleway-cli/pkg/api"
)
func resourceScalewaySecurityGroupRule() *schema.Resource {
return &schema.Resource{
Create: resourceScalewaySecurityGroupRuleCreate,
Read: resourceScalewaySecurityGroupRuleRead,
Update: resourceScalewaySecurityGroupRuleUpdate,
Delete: resourceScalewaySecurityGroupRuleDelete,
Schema: map[string]*schema.Schema{
"security_group": &schema.Schema{
Type: schema.TypeString,
Required: true,
},
"action": &schema.Schema{
Type: schema.TypeString,
Required: true,
ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
value := v.(string)
if value != "accept" && value != "drop" {
errors = append(errors, fmt.Errorf("%q must be one of 'accept', 'drop'", k))
}
return
},
},
"direction": &schema.Schema{
Type: schema.TypeString,
Required: true,
ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
value := v.(string)
if value != "inbound" && value != "outbound" {
errors = append(errors, fmt.Errorf("%q must be one of 'inbound', 'outbound'", k))
}
return
},
},
"ip_range": &schema.Schema{
Type: schema.TypeString,
Required: true,
},
"protocol": &schema.Schema{
Type: schema.TypeString,
Required: true,
ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
value := v.(string)
if value != "ICMP" && value != "TCP" && value != "UDP" {
errors = append(errors, fmt.Errorf("%q must be one of 'ICMP', 'TCP', 'UDP", k))
}
return
},
},
"port": &schema.Schema{
Type: schema.TypeInt,
Optional: true,
},
},
}
}
func resourceScalewaySecurityGroupRuleCreate(d *schema.ResourceData, m interface{}) error {
scaleway := m.(*Client).scaleway
req := api.ScalewayNewSecurityGroupRule{
Action: d.Get("action").(string),
Direction: d.Get("direction").(string),
IPRange: d.Get("ip_range").(string),
Protocol: d.Get("protocol").(string),
DestPortFrom: d.Get("port").(int),
}
err := scaleway.PostSecurityGroupRule(d.Get("security_group").(string), req)
if err != nil {
if serr, ok := err.(api.ScalewayAPIError); ok {
log.Printf("[DEBUG] Error creating Security Group Rule: %q\n", serr.APIMessage)
}
return err
}
resp, err := scaleway.GetSecurityGroupRules(d.Get("security_group").(string))
if err != nil {
return err
}
matches := func(rule api.ScalewaySecurityGroupRule) bool {
return rule.Action == req.Action &&
rule.Direction == req.Direction &&
rule.IPRange == req.IPRange &&
rule.Protocol == req.Protocol &&
rule.DestPortFrom == req.DestPortFrom
}
Add scaleway provider (#7331) * Add scaleway provider this PR allows the entire scaleway stack to be managed with terraform example usage looks like this: ``` provider "scaleway" { api_key = "snap" organization = "snip" } resource "scaleway_ip" "base" { server = "${scaleway_server.base.id}" } resource "scaleway_server" "base" { name = "test" # ubuntu 14.04 image = "aecaed73-51a5-4439-a127-6d8229847145" type = "C2S" } resource "scaleway_volume" "test" { name = "test" size_in_gb = 20 type = "l_ssd" } resource "scaleway_volume_attachment" "test" { server = "${scaleway_server.base.id}" volume = "${scaleway_volume.test.id}" } resource "scaleway_security_group" "base" { name = "public" description = "public gateway" } resource "scaleway_security_group_rule" "http-ingress" { security_group = "${scaleway_security_group.base.id}" action = "accept" direction = "inbound" ip_range = "0.0.0.0/0" protocol = "TCP" port = 80 } resource "scaleway_security_group_rule" "http-egress" { security_group = "${scaleway_security_group.base.id}" action = "accept" direction = "outbound" ip_range = "0.0.0.0/0" protocol = "TCP" port = 80 } ``` Note that volume attachments require the server to be stopped, which can lead to downtimes of you attach new volumes to already used servers * Update IP read to handle 404 gracefully * Read back resource on update * Ensure IP detachment works as expected Sadly this is not part of the official scaleway api just yet * Adjust detachIP helper based on feedback from @QuentinPerez in https://github.com/scaleway/scaleway-cli/pull/378 * Cleanup documentation * Rename api_key to access_key following @stack72 suggestion and rename the provider api_key for more clarity * Make tests less chatty by using custom logger
2016-07-13 22:03:41 +02:00
for _, rule := range resp.Rules {
if matches(rule) {
Add scaleway provider (#7331) * Add scaleway provider this PR allows the entire scaleway stack to be managed with terraform example usage looks like this: ``` provider "scaleway" { api_key = "snap" organization = "snip" } resource "scaleway_ip" "base" { server = "${scaleway_server.base.id}" } resource "scaleway_server" "base" { name = "test" # ubuntu 14.04 image = "aecaed73-51a5-4439-a127-6d8229847145" type = "C2S" } resource "scaleway_volume" "test" { name = "test" size_in_gb = 20 type = "l_ssd" } resource "scaleway_volume_attachment" "test" { server = "${scaleway_server.base.id}" volume = "${scaleway_volume.test.id}" } resource "scaleway_security_group" "base" { name = "public" description = "public gateway" } resource "scaleway_security_group_rule" "http-ingress" { security_group = "${scaleway_security_group.base.id}" action = "accept" direction = "inbound" ip_range = "0.0.0.0/0" protocol = "TCP" port = 80 } resource "scaleway_security_group_rule" "http-egress" { security_group = "${scaleway_security_group.base.id}" action = "accept" direction = "outbound" ip_range = "0.0.0.0/0" protocol = "TCP" port = 80 } ``` Note that volume attachments require the server to be stopped, which can lead to downtimes of you attach new volumes to already used servers * Update IP read to handle 404 gracefully * Read back resource on update * Ensure IP detachment works as expected Sadly this is not part of the official scaleway api just yet * Adjust detachIP helper based on feedback from @QuentinPerez in https://github.com/scaleway/scaleway-cli/pull/378 * Cleanup documentation * Rename api_key to access_key following @stack72 suggestion and rename the provider api_key for more clarity * Make tests less chatty by using custom logger
2016-07-13 22:03:41 +02:00
d.SetId(rule.ID)
break
}
}
if d.Id() == "" {
return fmt.Errorf("Failed to find created security group rule")
}
return resourceScalewaySecurityGroupRuleRead(d, m)
}
func resourceScalewaySecurityGroupRuleRead(d *schema.ResourceData, m interface{}) error {
scaleway := m.(*Client).scaleway
rule, err := scaleway.GetASecurityGroupRule(d.Get("security_group").(string), d.Id())
if err != nil {
if serr, ok := err.(api.ScalewayAPIError); ok {
log.Printf("[DEBUG] error reading Security Group Rule: %q\n", serr.APIMessage)
if serr.StatusCode == 404 {
d.SetId("")
return nil
}
}
return err
}
d.Set("action", rule.Rules.Action)
d.Set("direction", rule.Rules.Direction)
d.Set("ip_range", rule.Rules.IPRange)
d.Set("protocol", rule.Rules.Protocol)
d.Set("port", rule.Rules.DestPortFrom)
return nil
}
func resourceScalewaySecurityGroupRuleUpdate(d *schema.ResourceData, m interface{}) error {
scaleway := m.(*Client).scaleway
var req = api.ScalewayNewSecurityGroupRule{
Action: d.Get("action").(string),
Direction: d.Get("direction").(string),
IPRange: d.Get("ip_range").(string),
Protocol: d.Get("protocol").(string),
DestPortFrom: d.Get("port").(int),
}
if err := scaleway.PutSecurityGroupRule(req, d.Get("security_group").(string), d.Id()); err != nil {
log.Printf("[DEBUG] error updating Security Group Rule: %q", err)
return err
}
return resourceScalewaySecurityGroupRuleRead(d, m)
}
func resourceScalewaySecurityGroupRuleDelete(d *schema.ResourceData, m interface{}) error {
scaleway := m.(*Client).scaleway
err := scaleway.DeleteSecurityGroupRule(d.Get("security_group").(string), d.Id())
if err != nil {
if serr, ok := err.(api.ScalewayAPIError); ok {
log.Printf("[DEBUG] error reading Security Group Rule: %q\n", serr.APIMessage)
if serr.StatusCode == 404 {
d.SetId("")
return nil
}
}
Add scaleway provider (#7331) * Add scaleway provider this PR allows the entire scaleway stack to be managed with terraform example usage looks like this: ``` provider "scaleway" { api_key = "snap" organization = "snip" } resource "scaleway_ip" "base" { server = "${scaleway_server.base.id}" } resource "scaleway_server" "base" { name = "test" # ubuntu 14.04 image = "aecaed73-51a5-4439-a127-6d8229847145" type = "C2S" } resource "scaleway_volume" "test" { name = "test" size_in_gb = 20 type = "l_ssd" } resource "scaleway_volume_attachment" "test" { server = "${scaleway_server.base.id}" volume = "${scaleway_volume.test.id}" } resource "scaleway_security_group" "base" { name = "public" description = "public gateway" } resource "scaleway_security_group_rule" "http-ingress" { security_group = "${scaleway_security_group.base.id}" action = "accept" direction = "inbound" ip_range = "0.0.0.0/0" protocol = "TCP" port = 80 } resource "scaleway_security_group_rule" "http-egress" { security_group = "${scaleway_security_group.base.id}" action = "accept" direction = "outbound" ip_range = "0.0.0.0/0" protocol = "TCP" port = 80 } ``` Note that volume attachments require the server to be stopped, which can lead to downtimes of you attach new volumes to already used servers * Update IP read to handle 404 gracefully * Read back resource on update * Ensure IP detachment works as expected Sadly this is not part of the official scaleway api just yet * Adjust detachIP helper based on feedback from @QuentinPerez in https://github.com/scaleway/scaleway-cli/pull/378 * Cleanup documentation * Rename api_key to access_key following @stack72 suggestion and rename the provider api_key for more clarity * Make tests less chatty by using custom logger
2016-07-13 22:03:41 +02:00
return err
}
d.SetId("")
return nil
}