terraform/builtin/providers/azure/resource_azure_security_gro...

package azure

import (
	"bytes"
	"fmt"
	"log"
	"strconv"

	"github.com/hashicorp/terraform/helper/hashcode"
	"github.com/hashicorp/terraform/helper/schema"
	"github.com/svanharmelen/azure-sdk-for-go/management"
	"github.com/svanharmelen/azure-sdk-for-go/management/networksecuritygroup"
)

func resourceAzureSecurityGroup() *schema.Resource {
	return &schema.Resource{
		Create: resourceAzureSecurityGroupCreate,
		Read:   resourceAzureSecurityGroupRead,
		Update: resourceAzureSecurityGroupUpdate,
		Delete: resourceAzureSecurityGroupDelete,

		Schema: map[string]*schema.Schema{
			"name": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},

			"label": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
				Computed: true,
				ForceNew: true,
			},

			"subnet": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
			},

			"location": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},

			"rule": &schema.Schema{
				Type:     schema.TypeSet,
				Required: true,
				Elem: &schema.Resource{
					Schema: map[string]*schema.Schema{
						"name": &schema.Schema{
							Type:     schema.TypeString,
							Required: true,
						},

						"type": &schema.Schema{
							Type:     schema.TypeString,
							Optional: true,
							Default:  "Inbound",
						},

						"priority": &schema.Schema{
							Type:     schema.TypeInt,
							Required: true,
						},

						"action": &schema.Schema{
							Type:     schema.TypeString,
							Optional: true,
							Default:  "Allow",
						},

						"source_cidr": &schema.Schema{
							Type:     schema.TypeString,
							Required: true,
						},

						"source_port": &schema.Schema{
							Type:     schema.TypeString,
							Required: true,
						},

						"destination_cidr": &schema.Schema{
							Type:     schema.TypeString,
							Required: true,
						},

						"destination_port": &schema.Schema{
							Type:     schema.TypeString,
							Required: true,
						},

						"protocol": &schema.Schema{
							Type:     schema.TypeString,
							Optional: true,
							Default:  "TCP",
						},
					},
				},
				Set: resourceAzureSecurityGroupRuleHash,
			},
		},
	}
}

func resourceAzureSecurityGroupCreate(d *schema.ResourceData, meta interface{}) (err error) {
	mc := meta.(*management.Client)

	name := d.Get("name").(string)

	// Compute/set the label
	label := d.Get("label").(string)
	if label == "" {
		label = name
	}

	req, err := networksecuritygroup.NewClient(*mc).CreateNetworkSecurityGroup(
		name,
		label,
		d.Get("location").(string),
	)
	if err != nil {
		return fmt.Errorf("Error creating Network Security Group %s: %s", name, err)
	}

	if err := mc.WaitForOperation(req, nil); err != nil {
		return fmt.Errorf(
			"Error waiting for Network Security Group %s to be created: %s", name, err)
	}

	d.SetId(name)

	// Create all rules that are configured
	if rs := d.Get("rule").(*schema.Set); rs.Len() > 0 {

		// Create an empty schema.Set to hold all rules
		rules := &schema.Set{
			F: resourceAzureSecurityGroupRuleHash,
		}

		for _, rule := range rs.List() {
			// Create a single rule
			err := resourceAzureSecurityGroupRuleCreate(d, meta, rule.(map[string]interface{}))

			// We need to update this first to preserve the correct state
			rules.Add(rule)
			d.Set("rule", rules)

			if err != nil {
				return err
			}
		}
	}

	return resourceAzureSecurityGroupRead(d, meta)
}

func resourceAzureSecurityGroupRuleCreate(
	d *schema.ResourceData, meta interface{}, rule map[string]interface{}) error {
	mc := meta.(*management.Client)

	// Make sure all required parameters are there
	if err := verifySecurityGroupRuleParams(rule); err != nil {
		return err
	}

	name := rule["name"].(string)

	// Create the rule
	req, err := networksecuritygroup.NewClient(*mc).SetNetworkSecurityGroupRule(d.Id(),
		networksecuritygroup.RuleRequest{
			Name:                     name,
			Type:                     networksecuritygroup.RuleType(rule["type"].(string)),
			Priority:                 rule["priority"].(int),
			Action:                   networksecuritygroup.RuleAction(rule["action"].(string)),
			SourceAddressPrefix:      rule["source_cidr"].(string),
			SourcePortRange:          rule["source_port"].(string),
			DestinationAddressPrefix: rule["destination_cidr"].(string),
			DestinationPortRange:     rule["destination_port"].(string),
			Protocol:                 networksecuritygroup.RuleProtocol(rule["protocol"].(string)),
		},
	)
	if err != nil {
		return fmt.Errorf("Error creating Network Security Group rule %s: %s", name, err)
	}

	if err := mc.WaitForOperation(req, nil); err != nil {
		return fmt.Errorf(
			"Error waiting for Network Security Group rule %s to be created: %s", name, err)
	}

	return nil
}

func resourceAzureSecurityGroupRead(d *schema.ResourceData, meta interface{}) error {
	mc := meta.(*management.Client)

	sg, err := networksecuritygroup.NewClient(*mc).GetNetworkSecurityGroup(d.Id())
	if err != nil {
		return fmt.Errorf("Error retrieving Network Security Group %s: %s", d.Id(), err)
	}

	d.Set("label", sg.Label)
	d.Set("location", sg.Location)

	// Create an empty schema.Set to hold all rules
	rules := &schema.Set{
		F: resourceAzureSecurityGroupRuleHash,
	}

	for _, r := range sg.Rules {
		if !r.IsDefault {
			rule := map[string]interface{}{
				"name":             r.Name,
				"type":             string(r.Type),
				"priority":         r.Priority,
				"action":           string(r.Action),
				"source_cidr":      r.SourceAddressPrefix,
				"source_port":      r.SourcePortRange,
				"destination_cidr": r.DestinationAddressPrefix,
				"destination_port": r.DestinationPortRange,
				"protocol":         string(r.Protocol),
			}
			rules.Add(rule)
		}
	}

	d.Set("rule", rules)

	return nil
}

func resourceAzureSecurityGroupUpdate(d *schema.ResourceData, meta interface{}) error {
	// Check if the rule set as a whole has changed
	if d.HasChange("rule") {
		o, n := d.GetChange("rule")
		ors := o.(*schema.Set).Difference(n.(*schema.Set))
		nrs := n.(*schema.Set).Difference(o.(*schema.Set))

		// Now first loop through all the old rules and delete any obsolete ones
		for _, rule := range ors.List() {
			// Delete the rule as it no longer exists in the config
			err := resourceAzureSecurityGroupRuleDelete(d, meta, rule.(map[string]interface{}))
			if err != nil {
				return err
			}
		}

		// Make sure we save the state of the currently configured rules
		rules := o.(*schema.Set).Intersection(n.(*schema.Set))
		d.Set("rule", rules)

		// Then loop through al the currently configured rules and create the new ones
		for _, rule := range nrs.List() {
			err := resourceAzureSecurityGroupRuleCreate(d, meta, rule.(map[string]interface{}))

			// We need to update this first to preserve the correct state
			rules.Add(rule)
			d.Set("rule", rules)

			if err != nil {
				return err
			}
		}
	}

	return resourceAzureSecurityGroupRead(d, meta)
}

func resourceAzureSecurityGroupDelete(d *schema.ResourceData, meta interface{}) error {
	mc := meta.(*management.Client)

	log.Printf("[DEBUG] Deleting Network Security Group: %s", d.Id())
	req, err := networksecuritygroup.NewClient(*mc).DeleteNetworkSecurityGroup(d.Id())
	if err != nil {
		return fmt.Errorf("Error deleting Network Security Group %s: %s", d.Id(), err)
	}

	// Wait until the network security group is deleted
	if err := mc.WaitForOperation(req, nil); err != nil {
		return fmt.Errorf(
			"Error waiting for Network Security Group %s to be deleted: %s", d.Id(), err)
	}

	d.SetId("")

	return nil
}

func resourceAzureSecurityGroupRuleDelete(
	d *schema.ResourceData, meta interface{}, rule map[string]interface{}) error {
	mc := meta.(*management.Client)

	name := rule["name"].(string)

	// Delete the rule
	req, err := networksecuritygroup.NewClient(*mc).DeleteNetworkSecurityGroupRule(d.Id(), name)
	if err != nil {
		return fmt.Errorf("Error deleting Network Security Group rule %s: %s", name, err)
	}

	if err := mc.WaitForOperation(req, nil); err != nil {
		return fmt.Errorf(
			"Error waiting for Network Security Group rule %s to be deleted: %s", name, err)
	}

	return nil
}

func resourceAzureSecurityGroupRuleHash(v interface{}) int {
	var buf bytes.Buffer
	m := v.(map[string]interface{})
	buf.WriteString(fmt.Sprintf(
		"%s-%d-%s-%s-%s-%s-%s-%s",
		m["type"].(string),
		m["priority"].(int),
		m["action"].(string),
		m["source_cidr"].(string),
		m["source_port"].(string),
		m["destination_cidr"].(string),
		m["destination_port"].(string),
		m["protocol"].(string)))

	return hashcode.String(buf.String())
}

func verifySecurityGroupRuleParams(rule map[string]interface{}) error {
	typ := rule["type"].(string)
	if typ != "Inbound" && typ != "Outbound" {
		return fmt.Errorf("Parameter type only accepts 'Inbound' or 'Outbound' as values")
	}

	action := rule["action"].(string)
	if action != "Allow" && action != "Deny" {
		return fmt.Errorf("Parameter action only accepts 'Allow' or 'Deny' as values")
	}

	protocol := rule["protocol"].(string)
	if protocol != "TCP" && protocol != "UDP" && protocol != "*" {
		_, err := strconv.ParseInt(protocol, 0, 0)
		if err != nil {
			return fmt.Errorf(
				"Parameter type only accepts 'TCP', 'UDP' or '*' as values")
		}
	}

	return nil
}
Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`package azure`

			`import (`
Adding docs and tweaking the provider 2015-05-18 15:40:45 +02:00			`"bytes"`
Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`"fmt"`
			`"log"`
			`"strconv"`

Adding docs and tweaking the provider 2015-05-18 15:40:45 +02:00			`"github.com/hashicorp/terraform/helper/hashcode"`
Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`"github.com/hashicorp/terraform/helper/schema"`
Updated to use forked azure-sdk-for-go package 2015-05-12 08:30:47 +02:00			`"github.com/svanharmelen/azure-sdk-for-go/management"`
			`"github.com/svanharmelen/azure-sdk-for-go/management/networksecuritygroup"`
Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`)`

			`func resourceAzureSecurityGroup() *schema.Resource {`
			`return &schema.Resource{`
			`Create: resourceAzureSecurityGroupCreate,`
			`Read: resourceAzureSecurityGroupRead,`
			`Update: resourceAzureSecurityGroupUpdate,`
			`Delete: resourceAzureSecurityGroupDelete,`

			`Schema: map[string]*schema.Schema{`
			`"name": &schema.Schema{`
			`Type: schema.TypeString,`
			`Required: true,`
			`ForceNew: true,`
			`},`

			`"label": &schema.Schema{`
			`Type: schema.TypeString,`
			`Optional: true,`
			`Computed: true,`
			`ForceNew: true,`
			`},`

			`"subnet": &schema.Schema{`
			`Type: schema.TypeString,`
			`Optional: true,`
			`},`

			`"location": &schema.Schema{`
			`Type: schema.TypeString,`
			`Required: true,`
			`ForceNew: true,`
			`},`

			`"rule": &schema.Schema{`
			`Type: schema.TypeSet,`
			`Required: true,`
			`Elem: &schema.Resource{`
			`Schema: map[string]*schema.Schema{`
			`"name": &schema.Schema{`
			`Type: schema.TypeString,`
			`Required: true,`
			`},`

			`"type": &schema.Schema{`
			`Type: schema.TypeString,`
			`Optional: true,`
Little refactoring and fixing some issues Starting to look pretty nice… 2015-04-30 17:12:05 +02:00			`Default: "Inbound",`
Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`},`

			`"priority": &schema.Schema{`
			`Type: schema.TypeInt,`
			`Required: true,`
			`},`

			`"action": &schema.Schema{`
			`Type: schema.TypeString,`
			`Optional: true,`
Little refactoring and fixing some issues Starting to look pretty nice… 2015-04-30 17:12:05 +02:00			`Default: "Allow",`
Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`},`

			`"source_cidr": &schema.Schema{`
			`Type: schema.TypeString,`
			`Required: true,`
			`},`

			`"source_port": &schema.Schema{`
			`Type: schema.TypeString,`
			`Required: true,`
			`},`

			`"destination_cidr": &schema.Schema{`
			`Type: schema.TypeString,`
			`Required: true,`
			`},`

			`"destination_port": &schema.Schema{`
			`Type: schema.TypeString,`
			`Required: true,`
			`},`

			`"protocol": &schema.Schema{`
			`Type: schema.TypeString,`
			`Optional: true,`
Little refactoring and fixing some issues Starting to look pretty nice… 2015-04-30 17:12:05 +02:00			`Default: "TCP",`
Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`},`
			`},`
			`},`
			`Set: resourceAzureSecurityGroupRuleHash,`
			`},`
			`},`
			`}`
			`}`

			`func resourceAzureSecurityGroupCreate(d *schema.ResourceData, meta interface{}) (err error) {`
			`mc := meta.(*management.Client)`

			`name := d.Get("name").(string)`

Adding docs and tweaking the provider 2015-05-18 15:40:45 +02:00			`// Compute/set the label`
			`label := d.Get("label").(string)`
			`if label == "" {`
			`label = name`
			`}`

Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`req, err := networksecuritygroup.NewClient(*mc).CreateNetworkSecurityGroup(`
			`name,`
Adding docs and tweaking the provider 2015-05-18 15:40:45 +02:00			`label,`
Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`d.Get("location").(string),`
			`)`
			`if err != nil {`
			`return fmt.Errorf("Error creating Network Security Group %s: %s", name, err)`
			`}`

Seems to be almost ready... 2015-05-22 15:31:14 +02:00			`if err := mc.WaitForOperation(req, nil); err != nil {`
Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`return fmt.Errorf(`
			`"Error waiting for Network Security Group %s to be created: %s", name, err)`
			`}`

			`d.SetId(name)`

			`// Create all rules that are configured`
			`if rs := d.Get("rule").(*schema.Set); rs.Len() > 0 {`

			`// Create an empty schema.Set to hold all rules`
			`rules := &schema.Set{`
			`F: resourceAzureSecurityGroupRuleHash,`
			`}`

			`for _, rule := range rs.List() {`
			`// Create a single rule`
			`err := resourceAzureSecurityGroupRuleCreate(d, meta, rule.(map[string]interface{}))`

			`// We need to update this first to preserve the correct state`
			`rules.Add(rule)`
			`d.Set("rule", rules)`

			`if err != nil {`
			`return err`
			`}`
			`}`
			`}`

			`return resourceAzureSecurityGroupRead(d, meta)`
			`}`

			`func resourceAzureSecurityGroupRuleCreate(`
			`d *schema.ResourceData, meta interface{}, rule map[string]interface{}) error {`
			`mc := meta.(*management.Client)`

			`// Make sure all required parameters are there`
			`if err := verifySecurityGroupRuleParams(rule); err != nil {`
			`return err`
			`}`

			`name := rule["name"].(string)`

			`// Create the rule`
			`req, err := networksecuritygroup.NewClient(*mc).SetNetworkSecurityGroupRule(d.Id(),`
Small update after changes in the Azure SDK 2015-05-11 18:32:30 +02:00			`networksecuritygroup.RuleRequest{`
Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`Name: name,`
Small update after changes in the Azure SDK 2015-05-11 18:32:30 +02:00			`Type: networksecuritygroup.RuleType(rule["type"].(string)),`
Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`Priority: rule["priority"].(int),`
Small update after changes in the Azure SDK 2015-05-11 18:32:30 +02:00			`Action: networksecuritygroup.RuleAction(rule["action"].(string)),`
Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`SourceAddressPrefix: rule["source_cidr"].(string),`
			`SourcePortRange: rule["source_port"].(string),`
			`DestinationAddressPrefix: rule["destination_cidr"].(string),`
			`DestinationPortRange: rule["destination_port"].(string),`
Small update after changes in the Azure SDK 2015-05-11 18:32:30 +02:00			`Protocol: networksecuritygroup.RuleProtocol(rule["protocol"].(string)),`
Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`},`
			`)`
			`if err != nil {`
			`return fmt.Errorf("Error creating Network Security Group rule %s: %s", name, err)`
			`}`

Seems to be almost ready... 2015-05-22 15:31:14 +02:00			`if err := mc.WaitForOperation(req, nil); err != nil {`
Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`return fmt.Errorf(`
			`"Error waiting for Network Security Group rule %s to be created: %s", name, err)`
			`}`

			`return nil`
			`}`

			`func resourceAzureSecurityGroupRead(d *schema.ResourceData, meta interface{}) error {`
			`mc := meta.(*management.Client)`

			`sg, err := networksecuritygroup.NewClient(*mc).GetNetworkSecurityGroup(d.Id())`
			`if err != nil {`
			`return fmt.Errorf("Error retrieving Network Security Group %s: %s", d.Id(), err)`
			`}`

			`d.Set("label", sg.Label)`
			`d.Set("location", sg.Location)`

Little refactoring and fixing some issues Starting to look pretty nice… 2015-04-30 17:12:05 +02:00			`// Create an empty schema.Set to hold all rules`
			`rules := &schema.Set{`
			`F: resourceAzureSecurityGroupRuleHash,`
			`}`

			`for _, r := range sg.Rules {`
			`if !r.IsDefault {`
			`rule := map[string]interface{}{`
			`"name": r.Name,`
Small update after changes in the Azure SDK 2015-05-11 18:32:30 +02:00			`"type": string(r.Type),`
Little refactoring and fixing some issues Starting to look pretty nice… 2015-04-30 17:12:05 +02:00			`"priority": r.Priority,`
Small update after changes in the Azure SDK 2015-05-11 18:32:30 +02:00			`"action": string(r.Action),`
Little refactoring and fixing some issues Starting to look pretty nice… 2015-04-30 17:12:05 +02:00			`"source_cidr": r.SourceAddressPrefix,`
			`"source_port": r.SourcePortRange,`
			`"destination_cidr": r.DestinationAddressPrefix,`
			`"destination_port": r.DestinationPortRange,`
Small update after changes in the Azure SDK 2015-05-11 18:32:30 +02:00			`"protocol": string(r.Protocol),`
Little refactoring and fixing some issues Starting to look pretty nice… 2015-04-30 17:12:05 +02:00			`}`
			`rules.Add(rule)`
			`}`
			`}`

			`d.Set("rule", rules)`

Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`return nil`
			`}`

			`func resourceAzureSecurityGroupUpdate(d *schema.ResourceData, meta interface{}) error {`
			`// Check if the rule set as a whole has changed`
			`if d.HasChange("rule") {`
			`o, n := d.GetChange("rule")`
			`ors := o.(schema.Set).Difference(n.(schema.Set))`
			`nrs := n.(schema.Set).Difference(o.(schema.Set))`

			`// Now first loop through all the old rules and delete any obsolete ones`
			`for _, rule := range ors.List() {`
			`// Delete the rule as it no longer exists in the config`
			`err := resourceAzureSecurityGroupRuleDelete(d, meta, rule.(map[string]interface{}))`
			`if err != nil {`
			`return err`
			`}`
			`}`

			`// Make sure we save the state of the currently configured rules`
			`rules := o.(schema.Set).Intersection(n.(schema.Set))`
			`d.Set("rule", rules)`

			`// Then loop through al the currently configured rules and create the new ones`
			`for _, rule := range nrs.List() {`
			`err := resourceAzureSecurityGroupRuleCreate(d, meta, rule.(map[string]interface{}))`

			`// We need to update this first to preserve the correct state`
			`rules.Add(rule)`
			`d.Set("rule", rules)`

			`if err != nil {`
			`return err`
			`}`
			`}`
			`}`

			`return resourceAzureSecurityGroupRead(d, meta)`
			`}`

			`func resourceAzureSecurityGroupDelete(d *schema.ResourceData, meta interface{}) error {`
			`mc := meta.(*management.Client)`

			`log.Printf("[DEBUG] Deleting Network Security Group: %s", d.Id())`
			`req, err := networksecuritygroup.NewClient(*mc).DeleteNetworkSecurityGroup(d.Id())`
			`if err != nil {`
			`return fmt.Errorf("Error deleting Network Security Group %s: %s", d.Id(), err)`
			`}`

			`// Wait until the network security group is deleted`
Seems to be almost ready... 2015-05-22 15:31:14 +02:00			`if err := mc.WaitForOperation(req, nil); err != nil {`
Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`return fmt.Errorf(`
			`"Error waiting for Network Security Group %s to be deleted: %s", d.Id(), err)`
			`}`

			`d.SetId("")`

			`return nil`
			`}`

			`func resourceAzureSecurityGroupRuleDelete(`
			`d *schema.ResourceData, meta interface{}, rule map[string]interface{}) error {`
			`mc := meta.(*management.Client)`

			`name := rule["name"].(string)`

			`// Delete the rule`
			`req, err := networksecuritygroup.NewClient(*mc).DeleteNetworkSecurityGroupRule(d.Id(), name)`
			`if err != nil {`
			`return fmt.Errorf("Error deleting Network Security Group rule %s: %s", name, err)`
			`}`

Seems to be almost ready... 2015-05-22 15:31:14 +02:00			`if err := mc.WaitForOperation(req, nil); err != nil {`
Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`return fmt.Errorf(`
			`"Error waiting for Network Security Group rule %s to be deleted: %s", name, err)`
			`}`

			`return nil`
			`}`

			`func resourceAzureSecurityGroupRuleHash(v interface{}) int {`
Adding docs and tweaking the provider 2015-05-18 15:40:45 +02:00			`var buf bytes.Buffer`
			`m := v.(map[string]interface{})`
			`buf.WriteString(fmt.Sprintf(`
			`"%s-%d-%s-%s-%s-%s-%s-%s",`
			`m["type"].(string),`
			`m["priority"].(int),`
			`m["action"].(string),`
			`m["source_cidr"].(string),`
			`m["source_port"].(string),`
			`m["destination_cidr"].(string),`
			`m["destination_port"].(string),`
			`m["protocol"].(string)))`

			`return hashcode.String(buf.String())`
Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`}`

			`func verifySecurityGroupRuleParams(rule map[string]interface{}) error {`
			`typ := rule["type"].(string)`
Little refactoring and fixing some issues Starting to look pretty nice… 2015-04-30 17:12:05 +02:00			`if typ != "Inbound" && typ != "Outbound" {`
			`return fmt.Errorf("Parameter type only accepts 'Inbound' or 'Outbound' as values")`
Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`}`

			`action := rule["action"].(string)`
Little refactoring and fixing some issues Starting to look pretty nice… 2015-04-30 17:12:05 +02:00			`if action != "Allow" && action != "Deny" {`
			`return fmt.Errorf("Parameter action only accepts 'Allow' or 'Deny' as values")`
Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`}`

			`protocol := rule["protocol"].(string)`
Little refactoring and fixing some issues Starting to look pretty nice… 2015-04-30 17:12:05 +02:00			`if protocol != "TCP" && protocol != "UDP" && protocol != "*" {`
Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`_, err := strconv.ParseInt(protocol, 0, 0)`
			`if err != nil {`
			`return fmt.Errorf(`
Little refactoring and fixing some issues Starting to look pretty nice… 2015-04-30 17:12:05 +02:00			`"Parameter type only accepts 'TCP', 'UDP' or '*' as values")`
Needs more testing and tests, but it's becoming a nice provider 2015-04-30 10:58:45 +02:00			`}`
			`}`

			`return nil`
			`}`