terraform/builtin/providers/openstack/resource_openstack_fw_rule_...

package openstack

import (
	"fmt"
	"log"

	"github.com/hashicorp/terraform/helper/schema"
	"github.com/rackspace/gophercloud/openstack/networking/v2/extensions/fwaas/policies"
	"github.com/rackspace/gophercloud/openstack/networking/v2/extensions/fwaas/rules"
)

func resourceFWRuleV1() *schema.Resource {
	return &schema.Resource{
		Create: resourceFWRuleV1Create,
		Read:   resourceFWRuleV1Read,
		Update: resourceFWRuleV1Update,
		Delete: resourceFWRuleV1Delete,

		Schema: map[string]*schema.Schema{
			"region": &schema.Schema{
				Type:        schema.TypeString,
				Required:    true,
				ForceNew:    true,
				DefaultFunc: envDefaultFuncAllowMissing("OS_REGION_NAME"),
			},
			"name": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
			},
			"description": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
			},
			"protocol": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
			},
			"action": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
			},
			"ip_version": &schema.Schema{
				Type:     schema.TypeInt,
				Optional: true,
				Default:  4,
			},
			"source_ip_address": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
			},
			"destination_ip_address": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
			},
			"source_port": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
			},
			"destination_port": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
			},
			"enabled": &schema.Schema{
				Type:     schema.TypeBool,
				Optional: true,
				Default:  true,
			},
			"tenant_id": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
				ForceNew: true,
			},
		},
	}
}

func resourceFWRuleV1Create(d *schema.ResourceData, meta interface{}) error {

	config := meta.(*Config)
	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
	if err != nil {
		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
	}

	enabled := d.Get("enabled").(bool)

	ruleConfiguration := rules.CreateOpts{
		Name:                 d.Get("name").(string),
		Description:          d.Get("description").(string),
		Protocol:             d.Get("protocol").(string),
		Action:               d.Get("action").(string),
		IPVersion:            d.Get("ip_version").(int),
		SourceIPAddress:      d.Get("source_ip_address").(string),
		DestinationIPAddress: d.Get("destination_ip_address").(string),
		SourcePort:           d.Get("source_port").(string),
		DestinationPort:      d.Get("destination_port").(string),
		Enabled:              &enabled,
		TenantID:             d.Get("tenant_id").(string),
	}

	log.Printf("[DEBUG] Create firewall rule: %#v", ruleConfiguration)

	rule, err := rules.Create(networkingClient, ruleConfiguration).Extract()

	if err != nil {
		return err
	}

	log.Printf("[DEBUG] Firewall rule with id %s : %#v", rule.ID, rule)

	d.SetId(rule.ID)

	return resourceFWRuleV1Read(d, meta)
}

func resourceFWRuleV1Read(d *schema.ResourceData, meta interface{}) error {
	log.Printf("[DEBUG] Retrieve information about firewall rule: %s", d.Id())

	config := meta.(*Config)
	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
	if err != nil {
		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
	}

	rule, err := rules.Get(networkingClient, d.Id()).Extract()

	if err != nil {
		return CheckDeleted(d, err, "FW rule")
	}

	d.Set("protocol", rule.Protocol)
	d.Set("action", rule.Action)

	d.Set("name", rule.Name)
	d.Set("description", rule.Description)
	d.Set("ip_version", rule.IPVersion)
	d.Set("source_ip_address", rule.SourceIPAddress)
	d.Set("destination_ip_address", rule.DestinationIPAddress)
	d.Set("source_port", rule.SourcePort)
	d.Set("destination_port", rule.DestinationPort)
	d.Set("enabled", rule.Enabled)

	return nil
}

func resourceFWRuleV1Update(d *schema.ResourceData, meta interface{}) error {
	config := meta.(*Config)
	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
	if err != nil {
		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
	}

	opts := rules.UpdateOpts{}

	if d.HasChange("name") {
		opts.Name = d.Get("name").(string)
	}
	if d.HasChange("description") {
		opts.Description = d.Get("description").(string)
	}
	if d.HasChange("protocol") {
		opts.Protocol = d.Get("protocol").(string)
	}
	if d.HasChange("action") {
		opts.Action = d.Get("action").(string)
	}
	if d.HasChange("ip_version") {
		opts.IPVersion = d.Get("ip_version").(int)
	}
	if d.HasChange("source_ip_address") {
		sourceIPAddress := d.Get("source_ip_address").(string)
		opts.SourceIPAddress = &sourceIPAddress
	}
	if d.HasChange("destination_ip_address") {
		destinationIPAddress := d.Get("destination_ip_address").(string)
		opts.DestinationIPAddress = &destinationIPAddress
	}
	if d.HasChange("source_port") {
		sourcePort := d.Get("source_port").(string)
		opts.SourcePort = &sourcePort
	}
	if d.HasChange("destination_port") {
		destinationPort := d.Get("destination_port").(string)
		opts.DestinationPort = &destinationPort
	}
	if d.HasChange("enabled") {
		enabled := d.Get("enabled").(bool)
		opts.Enabled = &enabled
	}

	log.Printf("[DEBUG] Updating firewall rules: %#v", opts)

	err = rules.Update(networkingClient, d.Id(), opts).Err
	if err != nil {
		return err
	}

	return resourceFWRuleV1Read(d, meta)
}

func resourceFWRuleV1Delete(d *schema.ResourceData, meta interface{}) error {
	log.Printf("[DEBUG] Destroy firewall rule: %s", d.Id())

	config := meta.(*Config)
	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
	if err != nil {
		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
	}

	rule, err := rules.Get(networkingClient, d.Id()).Extract()
	if err != nil {
		return err
	}

	if rule.PolicyID != "" {
		err := policies.RemoveRule(networkingClient, rule.PolicyID, rule.ID)
		if err != nil {
			return err
		}
	}

	return rules.Delete(networkingClient, d.Id()).Err
}
Add FWaaS rule resource 2015-02-02 21:36:21 +01:00			`package openstack`

			`import (`
			`"fmt"`
			`"log"`

			`"github.com/hashicorp/terraform/helper/schema"`
Unassociate firewall rule from policy before delete 2015-02-18 01:01:46 +01:00			`"github.com/rackspace/gophercloud/openstack/networking/v2/extensions/fwaas/policies"`
Add FWaaS rule resource 2015-02-02 21:36:21 +01:00			`"github.com/rackspace/gophercloud/openstack/networking/v2/extensions/fwaas/rules"`
			`)`

FWaaS version is actually v1 not v2 Rename files and methods. Confusion have been made between neutron version and FWaaS extension version. 2015-02-19 22:55:54 +01:00			`func resourceFWRuleV1() *schema.Resource {`
Add FWaaS rule resource 2015-02-02 21:36:21 +01:00			`return &schema.Resource{`
FWaaS version is actually v1 not v2 Rename files and methods. Confusion have been made between neutron version and FWaaS extension version. 2015-02-19 22:55:54 +01:00			`Create: resourceFWRuleV1Create,`
			`Read: resourceFWRuleV1Read,`
			`Update: resourceFWRuleV1Update,`
			`Delete: resourceFWRuleV1Delete,`
Add FWaaS rule resource 2015-02-02 21:36:21 +01:00
			`Schema: map[string]*schema.Schema{`
			`"region": &schema.Schema{`
			`Type: schema.TypeString,`
			`Required: true,`
			`ForceNew: true,`
Allow Blank Region When OS_REGION_NAME is not set, fall back to a blank string. This will cause gophercloud to use the cloud's only region in single-region clouds. 2015-04-11 06:11:34 +02:00			`DefaultFunc: envDefaultFuncAllowMissing("OS_REGION_NAME"),`
Add FWaaS rule resource 2015-02-02 21:36:21 +01:00			`},`
			`"name": &schema.Schema{`
			`Type: schema.TypeString,`
			`Optional: true,`
			`},`
			`"description": &schema.Schema{`
			`Type: schema.TypeString,`
			`Optional: true,`
			`},`
			`"protocol": &schema.Schema{`
			`Type: schema.TypeString,`
			`Required: true,`
			`},`
			`"action": &schema.Schema{`
			`Type: schema.TypeString,`
			`Required: true,`
			`},`
			`"ip_version": &schema.Schema{`
			`Type: schema.TypeInt,`
			`Optional: true,`
			`Default: 4,`
			`},`
			`"source_ip_address": &schema.Schema{`
			`Type: schema.TypeString,`
			`Optional: true,`
			`},`
			`"destination_ip_address": &schema.Schema{`
			`Type: schema.TypeString,`
			`Optional: true,`
			`},`
			`"source_port": &schema.Schema{`
			`Type: schema.TypeString,`
			`Optional: true,`
			`},`
			`"destination_port": &schema.Schema{`
			`Type: schema.TypeString,`
			`Optional: true,`
			`},`
			`"enabled": &schema.Schema{`
			`Type: schema.TypeBool,`
			`Optional: true,`
			`Default: true,`
			`},`
Add tenant_id attribute on FWaaS resources 2015-02-10 00:19:01 +01:00			`"tenant_id": &schema.Schema{`
			`Type: schema.TypeString,`
			`Optional: true,`
			`ForceNew: true,`
			`},`
Add FWaaS rule resource 2015-02-02 21:36:21 +01:00			`},`
			`}`
			`}`

FWaaS version is actually v1 not v2 Rename files and methods. Confusion have been made between neutron version and FWaaS extension version. 2015-02-19 22:55:54 +01:00			`func resourceFWRuleV1Create(d *schema.ResourceData, meta interface{}) error {`
Add FWaaS rule resource 2015-02-02 21:36:21 +01:00
			`config := meta.(*Config)`
			`networkingClient, err := config.networkingV2Client(d.Get("region").(string))`
			`if err != nil {`
			`return fmt.Errorf("Error creating OpenStack networking client: %s", err)`
			`}`

			`enabled := d.Get("enabled").(bool)`

			`ruleConfiguration := rules.CreateOpts{`
			`Name: d.Get("name").(string),`
			`Description: d.Get("description").(string),`
			`Protocol: d.Get("protocol").(string),`
			`Action: d.Get("action").(string),`
			`IPVersion: d.Get("ip_version").(int),`
			`SourceIPAddress: d.Get("source_ip_address").(string),`
			`DestinationIPAddress: d.Get("destination_ip_address").(string),`
			`SourcePort: d.Get("source_port").(string),`
			`DestinationPort: d.Get("destination_port").(string),`
			`Enabled: &enabled,`
Add tenant_id attribute on FWaaS resources 2015-02-10 00:19:01 +01:00			`TenantID: d.Get("tenant_id").(string),`
Add FWaaS rule resource 2015-02-02 21:36:21 +01:00			`}`

			`log.Printf("[DEBUG] Create firewall rule: %#v", ruleConfiguration)`

			`rule, err := rules.Create(networkingClient, ruleConfiguration).Extract()`

			`if err != nil {`
			`return err`
			`}`

			`log.Printf("[DEBUG] Firewall rule with id %s : %#v", rule.ID, rule)`

			`d.SetId(rule.ID)`

Return Read call result in Create & Update 2015-02-19 23:44:49 +01:00			`return resourceFWRuleV1Read(d, meta)`
Add FWaaS rule resource 2015-02-02 21:36:21 +01:00			`}`

FWaaS version is actually v1 not v2 Rename files and methods. Confusion have been made between neutron version and FWaaS extension version. 2015-02-19 22:55:54 +01:00			`func resourceFWRuleV1Read(d *schema.ResourceData, meta interface{}) error {`
Add FWaaS rule resource 2015-02-02 21:36:21 +01:00			`log.Printf("[DEBUG] Retrieve information about firewall rule: %s", d.Id())`

			`config := meta.(*Config)`
			`networkingClient, err := config.networkingV2Client(d.Get("region").(string))`
			`if err != nil {`
			`return fmt.Errorf("Error creating OpenStack networking client: %s", err)`
			`}`

			`rule, err := rules.Get(networkingClient, d.Id()).Extract()`

			`if err != nil {`
fix copy/paste typo in OpenStack FW error messages 2015-05-05 14:01:49 +02:00			`return CheckDeleted(d, err, "FW rule")`
Add FWaaS rule resource 2015-02-02 21:36:21 +01:00			`}`

			`d.Set("protocol", rule.Protocol)`
			`d.Set("action", rule.Action)`
Use d.GetOk to populate data in read operations 2015-02-18 01:27:45 +01:00
Fix general comments by @phinze 2015-03-24 13:59:55 +01:00			`d.Set("name", rule.Name)`
			`d.Set("description", rule.Description)`
			`d.Set("ip_version", rule.IPVersion)`
			`d.Set("source_ip_address", rule.SourceIPAddress)`
			`d.Set("destination_ip_address", rule.DestinationIPAddress)`
			`d.Set("source_port", rule.SourcePort)`
			`d.Set("destination_port", rule.DestinationPort)`
			`d.Set("enabled", rule.Enabled)`
Add FWaaS rule resource 2015-02-02 21:36:21 +01:00
			`return nil`
			`}`

FWaaS version is actually v1 not v2 Rename files and methods. Confusion have been made between neutron version and FWaaS extension version. 2015-02-19 22:55:54 +01:00			`func resourceFWRuleV1Update(d *schema.ResourceData, meta interface{}) error {`
Add FWaaS rule resource 2015-02-02 21:36:21 +01:00			`config := meta.(*Config)`
			`networkingClient, err := config.networkingV2Client(d.Get("region").(string))`
			`if err != nil {`
			`return fmt.Errorf("Error creating OpenStack networking client: %s", err)`
			`}`

			`opts := rules.UpdateOpts{}`

			`if d.HasChange("name") {`
Fix code regarding to the latest gophercloud code 2015-02-17 22:07:01 +01:00			`opts.Name = d.Get("name").(string)`
Add FWaaS rule resource 2015-02-02 21:36:21 +01:00			`}`
			`if d.HasChange("description") {`
Fix code regarding to the latest gophercloud code 2015-02-17 22:07:01 +01:00			`opts.Description = d.Get("description").(string)`
Add FWaaS rule resource 2015-02-02 21:36:21 +01:00			`}`
			`if d.HasChange("protocol") {`
			`opts.Protocol = d.Get("protocol").(string)`
			`}`
			`if d.HasChange("action") {`
			`opts.Action = d.Get("action").(string)`
			`}`
			`if d.HasChange("ip_version") {`
			`opts.IPVersion = d.Get("ip_version").(int)`
			`}`
			`if d.HasChange("source_ip_address") {`
			`sourceIPAddress := d.Get("source_ip_address").(string)`
			`opts.SourceIPAddress = &sourceIPAddress`
			`}`
			`if d.HasChange("destination_ip_address") {`
			`destinationIPAddress := d.Get("destination_ip_address").(string)`
			`opts.DestinationIPAddress = &destinationIPAddress`
			`}`
			`if d.HasChange("source_port") {`
			`sourcePort := d.Get("source_port").(string)`
			`opts.SourcePort = &sourcePort`
			`}`
			`if d.HasChange("destination_port") {`
			`destinationPort := d.Get("destination_port").(string)`
			`opts.DestinationPort = &destinationPort`
			`}`
			`if d.HasChange("enabled") {`
			`enabled := d.Get("enabled").(bool)`
			`opts.Enabled = &enabled`
			`}`

			`log.Printf("[DEBUG] Updating firewall rules: %#v", opts)`

Return Read call result in Create & Update 2015-02-19 23:44:49 +01:00			`err = rules.Update(networkingClient, d.Id(), opts).Err`
			`if err != nil {`
			`return err`
			`}`

			`return resourceFWRuleV1Read(d, meta)`
Add FWaaS rule resource 2015-02-02 21:36:21 +01:00			`}`

FWaaS version is actually v1 not v2 Rename files and methods. Confusion have been made between neutron version and FWaaS extension version. 2015-02-19 22:55:54 +01:00			`func resourceFWRuleV1Delete(d *schema.ResourceData, meta interface{}) error {`
Add FWaaS rule resource 2015-02-02 21:36:21 +01:00			`log.Printf("[DEBUG] Destroy firewall rule: %s", d.Id())`

			`config := meta.(*Config)`
			`networkingClient, err := config.networkingV2Client(d.Get("region").(string))`
			`if err != nil {`
			`return fmt.Errorf("Error creating OpenStack networking client: %s", err)`
			`}`
Unassociate firewall rule from policy before delete 2015-02-18 01:01:46 +01:00
			`rule, err := rules.Get(networkingClient, d.Id()).Extract()`
			`if err != nil {`
			`return err`
			`}`

			`if rule.PolicyID != "" {`
			`err := policies.RemoveRule(networkingClient, rule.PolicyID, rule.ID)`
			`if err != nil {`
			`return err`
			`}`
			`}`

Add FWaaS rule resource 2015-02-02 21:36:21 +01:00			`return rules.Delete(networkingClient, d.Id()).Err`
			`}`