add/delete security groups and rules
This commit is contained in:
parent
00ee96fb6f
commit
23d425072c
|
@ -50,6 +50,8 @@ func Provider() terraform.ResourceProvider {
|
|||
ResourcesMap: map[string]*schema.Resource{
|
||||
"openstack_compute_instance": resourceComputeInstance(),
|
||||
"openstack_compute_keypair": resourceComputeKeypair(),
|
||||
"openstack_compute_secgroup": resourceComputeSecGroup(),
|
||||
"openstack_compute_secgrouprule": resourceComputeSecGroupRule(),
|
||||
},
|
||||
|
||||
ConfigureFunc: configureProvider,
|
||||
|
|
|
@ -0,0 +1,103 @@
|
|||
package openstack
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"log"
|
||||
|
||||
"github.com/hashicorp/terraform/helper/schema"
|
||||
"github.com/rackspace/gophercloud/openstack/compute/v2/extensions/secgroups"
|
||||
)
|
||||
|
||||
func resourceComputeSecGroup() *schema.Resource {
|
||||
return &schema.Resource{
|
||||
Create: resourceComputeSecGroupCreate,
|
||||
Read: resourceComputeSecGroupRead,
|
||||
Update: resourceComputeSecGroupUpdate,
|
||||
Delete: resourceComputeSecGroupDelete,
|
||||
|
||||
Schema: map[string]*schema.Schema{
|
||||
"name": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
ForceNew: false,
|
||||
},
|
||||
|
||||
"description": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
ForceNew: false,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func resourceComputeSecGroupCreate(d *schema.ResourceData, meta interface{}) error {
|
||||
config := meta.(*Config)
|
||||
osClient := config.computeV2Client
|
||||
|
||||
createOpts := secgroups.CreateOpts{
|
||||
Name: d.Get("name").(string),
|
||||
Description: d.Get("description").(string),
|
||||
}
|
||||
|
||||
sg, err := secgroups.Create(osClient, createOpts).Extract()
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error creating OpenStack security group: %s", err)
|
||||
}
|
||||
|
||||
d.SetId(sg.ID)
|
||||
|
||||
return resourceComputeSecGroupRead(d, meta)
|
||||
}
|
||||
|
||||
func resourceComputeSecGroupRead(d *schema.ResourceData, meta interface{}) error {
|
||||
config := meta.(*Config)
|
||||
osClient := config.computeV2Client
|
||||
|
||||
sg, err := secgroups.Get(osClient, d.Id()).Extract()
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error retrieving OpenStack security group: %s", err)
|
||||
}
|
||||
|
||||
d.Set("name", sg.Name)
|
||||
d.Set("description", sg.Description)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func resourceComputeSecGroupUpdate(d *schema.ResourceData, meta interface{}) error {
|
||||
config := meta.(*Config)
|
||||
osClient := config.computeV2Client
|
||||
|
||||
var updateOpts secgroups.UpdateOpts
|
||||
if d.HasChange("name") {
|
||||
updateOpts.Name = d.Get("name").(string)
|
||||
}
|
||||
if d.HasChange("description") {
|
||||
updateOpts.Description = d.Get("description").(string)
|
||||
}
|
||||
|
||||
// If there's nothing to update, don't waste an HTTP call.
|
||||
if updateOpts != (secgroups.UpdateOpts{}) {
|
||||
log.Printf("[DEBUG] Updating Security Group (%s) with options: %+v", d.Id(), updateOpts)
|
||||
|
||||
_, err := secgroups.Update(osClient, d.Id(), updateOpts).Extract()
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error updating OpenStack security group (%s): %s", d.Id(), err)
|
||||
}
|
||||
}
|
||||
|
||||
return resourceComputeSecGroupRead(d, meta)
|
||||
}
|
||||
|
||||
func resourceComputeSecGroupDelete(d *schema.ResourceData, meta interface{}) error {
|
||||
config := meta.(*Config)
|
||||
osClient := config.computeV2Client
|
||||
|
||||
err := secgroups.Delete(osClient, d.Id()).ExtractErr()
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error deleting OpenStack security group: %s", err)
|
||||
}
|
||||
d.SetId("")
|
||||
return nil
|
||||
}
|
|
@ -0,0 +1,99 @@
|
|||
package openstack
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/hashicorp/terraform/helper/schema"
|
||||
"github.com/rackspace/gophercloud/openstack/compute/v2/extensions/secgroups"
|
||||
)
|
||||
|
||||
func resourceComputeSecGroupRule() *schema.Resource {
|
||||
return &schema.Resource{
|
||||
Create: resourceComputeSecGroupRuleCreate,
|
||||
Read: resourceComputeSecGroupRuleRead,
|
||||
Delete: resourceComputeSecGroupRuleDelete,
|
||||
|
||||
Schema: map[string]*schema.Schema{
|
||||
"group_id": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
ForceNew: true,
|
||||
},
|
||||
|
||||
"from_port": &schema.Schema{
|
||||
Type: schema.TypeInt,
|
||||
Required: true,
|
||||
ForceNew: true,
|
||||
},
|
||||
|
||||
"to_port": &schema.Schema{
|
||||
Type: schema.TypeInt,
|
||||
Required: true,
|
||||
ForceNew: true,
|
||||
},
|
||||
|
||||
"ip_protocol": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
ForceNew: true,
|
||||
},
|
||||
|
||||
"cidr": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
ForceNew: true,
|
||||
},
|
||||
|
||||
"from_group_id": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
ForceNew: true,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func resourceComputeSecGroupRuleCreate(d *schema.ResourceData, meta interface{}) error {
|
||||
config := meta.(*Config)
|
||||
osClient := config.computeV2Client
|
||||
|
||||
createOpts := secgroups.CreateRuleOpts{
|
||||
ParentGroupID: d.Get("group_id").(string),
|
||||
FromPort: d.Get("from_port").(int),
|
||||
ToPort: d.Get("to_port").(int),
|
||||
IPProtocol: d.Get("ip_protocol").(string),
|
||||
CIDR: d.Get("cidr").(string),
|
||||
FromGroupID: d.Get("from_group_id").(string),
|
||||
}
|
||||
|
||||
sgr, err := secgroups.CreateRule(osClient, createOpts).Extract()
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error creating OpenStack security group rule: %s", err)
|
||||
}
|
||||
|
||||
d.SetId(sgr.ID)
|
||||
d.Set("group_id", sgr.ParentGroupID)
|
||||
d.Set("from_port", sgr.FromPort)
|
||||
d.Set("to_port", sgr.ToPort)
|
||||
d.Set("ip_protocol", sgr.IPProtocol)
|
||||
d.Set("cidr", sgr.IPRange.CIDR)
|
||||
d.Set("from_group_id", d.Get("from_group_id").(string))
|
||||
|
||||
return resourceComputeSecGroupRuleRead(d, meta)
|
||||
}
|
||||
|
||||
func resourceComputeSecGroupRuleRead(d *schema.ResourceData, meta interface{}) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func resourceComputeSecGroupRuleDelete(d *schema.ResourceData, meta interface{}) error {
|
||||
config := meta.(*Config)
|
||||
osClient := config.computeV2Client
|
||||
|
||||
err := secgroups.DeleteRule(osClient, d.Id()).ExtractErr()
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error deleting OpenStack security group rule: %s", err)
|
||||
}
|
||||
d.SetId("")
|
||||
return nil
|
||||
}
|
Loading…
Reference in New Issue