add/delete security groups and rules

builtin/providers/openstack/provider.go

@@ -50,6 +50,8 @@ func Provider() terraform.ResourceProvider {
 		ResourcesMap: map[string]*schema.Resource{
 			"openstack_compute_instance":     resourceComputeInstance(),
 			"openstack_compute_keypair":      resourceComputeKeypair(),
+			"openstack_compute_secgroup":     resourceComputeSecGroup(),
+			"openstack_compute_secgrouprule": resourceComputeSecGroupRule(),
 		},
 
 		ConfigureFunc: configureProvider,

builtin/providers/openstack/resource_compute_secgroup.go

@@ -0,0 +1,103 @@
+package openstack
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/rackspace/gophercloud/openstack/compute/v2/extensions/secgroups"
+)
+
+func resourceComputeSecGroup() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceComputeSecGroupCreate,
+		Read:   resourceComputeSecGroupRead,
+		Update: resourceComputeSecGroupUpdate,
+		Delete: resourceComputeSecGroupDelete,
+
+		Schema: map[string]*schema.Schema{
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: false,
+			},
+
+			"description": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: false,
+			},
+		},
+	}
+}
+
+func resourceComputeSecGroupCreate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	osClient := config.computeV2Client
+
+	createOpts := secgroups.CreateOpts{
+		Name:        d.Get("name").(string),
+		Description: d.Get("description").(string),
+	}
+
+	sg, err := secgroups.Create(osClient, createOpts).Extract()
+	if err != nil {
+		return fmt.Errorf("Error creating OpenStack security group: %s", err)
+	}
+
+	d.SetId(sg.ID)
+
+	return resourceComputeSecGroupRead(d, meta)
+}
+
+func resourceComputeSecGroupRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	osClient := config.computeV2Client
+
+	sg, err := secgroups.Get(osClient, d.Id()).Extract()
+	if err != nil {
+		return fmt.Errorf("Error retrieving OpenStack security group: %s", err)
+	}
+
+	d.Set("name", sg.Name)
+	d.Set("description", sg.Description)
+
+	return nil
+}
+
+func resourceComputeSecGroupUpdate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	osClient := config.computeV2Client
+
+	var updateOpts secgroups.UpdateOpts
+	if d.HasChange("name") {
+		updateOpts.Name = d.Get("name").(string)
+	}
+	if d.HasChange("description") {
+		updateOpts.Description = d.Get("description").(string)
+	}
+
+	// If there's nothing to update, don't waste an HTTP call.
+	if updateOpts != (secgroups.UpdateOpts{}) {
+		log.Printf("[DEBUG] Updating Security Group (%s) with options: %+v", d.Id(), updateOpts)
+
+		_, err := secgroups.Update(osClient, d.Id(), updateOpts).Extract()
+		if err != nil {
+			return fmt.Errorf("Error updating OpenStack security group (%s): %s", d.Id(), err)
+		}
+	}
+
+	return resourceComputeSecGroupRead(d, meta)
+}
+
+func resourceComputeSecGroupDelete(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	osClient := config.computeV2Client
+
+	err := secgroups.Delete(osClient, d.Id()).ExtractErr()
+	if err != nil {
+		return fmt.Errorf("Error deleting OpenStack security group: %s", err)
+	}
+	d.SetId("")
+	return nil
+}

builtin/providers/openstack/resource_compute_secgrouprule.go

@@ -0,0 +1,99 @@
+package openstack
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/rackspace/gophercloud/openstack/compute/v2/extensions/secgroups"
+)
+
+func resourceComputeSecGroupRule() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceComputeSecGroupRuleCreate,
+		Read:   resourceComputeSecGroupRuleRead,
+		Delete: resourceComputeSecGroupRuleDelete,
+
+		Schema: map[string]*schema.Schema{
+			"group_id": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"from_port": &schema.Schema{
+				Type:     schema.TypeInt,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"to_port": &schema.Schema{
+				Type:     schema.TypeInt,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"ip_protocol": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"cidr": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+
+			"from_group_id": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+		},
+	}
+}
+
+func resourceComputeSecGroupRuleCreate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	osClient := config.computeV2Client
+
+	createOpts := secgroups.CreateRuleOpts{
+		ParentGroupID: d.Get("group_id").(string),
+		FromPort:      d.Get("from_port").(int),
+		ToPort:        d.Get("to_port").(int),
+		IPProtocol:    d.Get("ip_protocol").(string),
+		CIDR:          d.Get("cidr").(string),
+		FromGroupID:   d.Get("from_group_id").(string),
+	}
+
+	sgr, err := secgroups.CreateRule(osClient, createOpts).Extract()
+	if err != nil {
+		return fmt.Errorf("Error creating OpenStack security group rule: %s", err)
+	}
+
+	d.SetId(sgr.ID)
+	d.Set("group_id", sgr.ParentGroupID)
+	d.Set("from_port", sgr.FromPort)
+	d.Set("to_port", sgr.ToPort)
+	d.Set("ip_protocol", sgr.IPProtocol)
+	d.Set("cidr", sgr.IPRange.CIDR)
+	d.Set("from_group_id", d.Get("from_group_id").(string))
+
+	return resourceComputeSecGroupRuleRead(d, meta)
+}
+
+func resourceComputeSecGroupRuleRead(d *schema.ResourceData, meta interface{}) error {
+	return nil
+}
+
+func resourceComputeSecGroupRuleDelete(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	osClient := config.computeV2Client
+
+	err := secgroups.DeleteRule(osClient, d.Id()).ExtractErr()
+	if err != nil {
+		return fmt.Errorf("Error deleting OpenStack security group rule: %s", err)
+	}
+	d.SetId("")
+	return nil
+}