add/delete security groups and rules

This commit is contained in:
Jon Perritt 2015-01-08 10:47:10 -07:00
parent 00ee96fb6f
commit 23d425072c
3 changed files with 206 additions and 2 deletions

View File

@ -50,6 +50,8 @@ func Provider() terraform.ResourceProvider {
ResourcesMap: map[string]*schema.Resource{
"openstack_compute_instance": resourceComputeInstance(),
"openstack_compute_keypair": resourceComputeKeypair(),
"openstack_compute_secgroup": resourceComputeSecGroup(),
"openstack_compute_secgrouprule": resourceComputeSecGroupRule(),
},
ConfigureFunc: configureProvider,

View File

@ -0,0 +1,103 @@
package openstack
import (
"fmt"
"log"
"github.com/hashicorp/terraform/helper/schema"
"github.com/rackspace/gophercloud/openstack/compute/v2/extensions/secgroups"
)
func resourceComputeSecGroup() *schema.Resource {
return &schema.Resource{
Create: resourceComputeSecGroupCreate,
Read: resourceComputeSecGroupRead,
Update: resourceComputeSecGroupUpdate,
Delete: resourceComputeSecGroupDelete,
Schema: map[string]*schema.Schema{
"name": &schema.Schema{
Type: schema.TypeString,
Required: true,
ForceNew: false,
},
"description": &schema.Schema{
Type: schema.TypeString,
Required: true,
ForceNew: false,
},
},
}
}
func resourceComputeSecGroupCreate(d *schema.ResourceData, meta interface{}) error {
config := meta.(*Config)
osClient := config.computeV2Client
createOpts := secgroups.CreateOpts{
Name: d.Get("name").(string),
Description: d.Get("description").(string),
}
sg, err := secgroups.Create(osClient, createOpts).Extract()
if err != nil {
return fmt.Errorf("Error creating OpenStack security group: %s", err)
}
d.SetId(sg.ID)
return resourceComputeSecGroupRead(d, meta)
}
func resourceComputeSecGroupRead(d *schema.ResourceData, meta interface{}) error {
config := meta.(*Config)
osClient := config.computeV2Client
sg, err := secgroups.Get(osClient, d.Id()).Extract()
if err != nil {
return fmt.Errorf("Error retrieving OpenStack security group: %s", err)
}
d.Set("name", sg.Name)
d.Set("description", sg.Description)
return nil
}
func resourceComputeSecGroupUpdate(d *schema.ResourceData, meta interface{}) error {
config := meta.(*Config)
osClient := config.computeV2Client
var updateOpts secgroups.UpdateOpts
if d.HasChange("name") {
updateOpts.Name = d.Get("name").(string)
}
if d.HasChange("description") {
updateOpts.Description = d.Get("description").(string)
}
// If there's nothing to update, don't waste an HTTP call.
if updateOpts != (secgroups.UpdateOpts{}) {
log.Printf("[DEBUG] Updating Security Group (%s) with options: %+v", d.Id(), updateOpts)
_, err := secgroups.Update(osClient, d.Id(), updateOpts).Extract()
if err != nil {
return fmt.Errorf("Error updating OpenStack security group (%s): %s", d.Id(), err)
}
}
return resourceComputeSecGroupRead(d, meta)
}
func resourceComputeSecGroupDelete(d *schema.ResourceData, meta interface{}) error {
config := meta.(*Config)
osClient := config.computeV2Client
err := secgroups.Delete(osClient, d.Id()).ExtractErr()
if err != nil {
return fmt.Errorf("Error deleting OpenStack security group: %s", err)
}
d.SetId("")
return nil
}

View File

@ -0,0 +1,99 @@
package openstack
import (
"fmt"
"github.com/hashicorp/terraform/helper/schema"
"github.com/rackspace/gophercloud/openstack/compute/v2/extensions/secgroups"
)
func resourceComputeSecGroupRule() *schema.Resource {
return &schema.Resource{
Create: resourceComputeSecGroupRuleCreate,
Read: resourceComputeSecGroupRuleRead,
Delete: resourceComputeSecGroupRuleDelete,
Schema: map[string]*schema.Schema{
"group_id": &schema.Schema{
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
"from_port": &schema.Schema{
Type: schema.TypeInt,
Required: true,
ForceNew: true,
},
"to_port": &schema.Schema{
Type: schema.TypeInt,
Required: true,
ForceNew: true,
},
"ip_protocol": &schema.Schema{
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
"cidr": &schema.Schema{
Type: schema.TypeString,
Optional: true,
ForceNew: true,
},
"from_group_id": &schema.Schema{
Type: schema.TypeString,
Optional: true,
ForceNew: true,
},
},
}
}
func resourceComputeSecGroupRuleCreate(d *schema.ResourceData, meta interface{}) error {
config := meta.(*Config)
osClient := config.computeV2Client
createOpts := secgroups.CreateRuleOpts{
ParentGroupID: d.Get("group_id").(string),
FromPort: d.Get("from_port").(int),
ToPort: d.Get("to_port").(int),
IPProtocol: d.Get("ip_protocol").(string),
CIDR: d.Get("cidr").(string),
FromGroupID: d.Get("from_group_id").(string),
}
sgr, err := secgroups.CreateRule(osClient, createOpts).Extract()
if err != nil {
return fmt.Errorf("Error creating OpenStack security group rule: %s", err)
}
d.SetId(sgr.ID)
d.Set("group_id", sgr.ParentGroupID)
d.Set("from_port", sgr.FromPort)
d.Set("to_port", sgr.ToPort)
d.Set("ip_protocol", sgr.IPProtocol)
d.Set("cidr", sgr.IPRange.CIDR)
d.Set("from_group_id", d.Get("from_group_id").(string))
return resourceComputeSecGroupRuleRead(d, meta)
}
func resourceComputeSecGroupRuleRead(d *schema.ResourceData, meta interface{}) error {
return nil
}
func resourceComputeSecGroupRuleDelete(d *schema.ResourceData, meta interface{}) error {
config := meta.(*Config)
osClient := config.computeV2Client
err := secgroups.DeleteRule(osClient, d.Id()).ExtractErr()
if err != nil {
return fmt.Errorf("Error deleting OpenStack security group rule: %s", err)
}
d.SetId("")
return nil
}