Merge pull request #6410 from cristicalin/neutron_security_groups_v1

provider/openstack: implement neutron security groups and rules
2016-05-03 08:18:41 -06:00 · 2016-05-03 08:18:41 -06:00 · 8f2b6e8127
parent 846561964e 6fe82696d2
commit 8f2b6e8127
16 changed files with 1387 additions and 72 deletions
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@ -1001,183 +1001,193 @@
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/blockstorage/v1/volumes",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/compute/v2/extensions/bootfromvolume",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/compute/v2/extensions/floatingip",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/compute/v2/extensions/keypairs",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/compute/v2/extensions/schedulerhints",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/compute/v2/extensions/secgroups",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/compute/v2/extensions/servergroups",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/compute/v2/extensions/tenantnetworks",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/compute/v2/extensions/volumeattach",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/compute/v2/flavors",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/compute/v2/images",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/compute/v2/servers",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/identity/v2/tenants",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/identity/v2/tokens",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/identity/v3/tokens",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/networking/v2/extensions/fwaas/firewalls",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/networking/v2/extensions/fwaas/policies",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/networking/v2/extensions/fwaas/rules",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/networking/v2/extensions/layer3/floatingips",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/networking/v2/extensions/layer3/routers",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/networking/v2/extensions/lbaas/members",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/networking/v2/extensions/lbaas/monitors",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/networking/v2/extensions/lbaas/pools",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/networking/v2/extensions/lbaas/vips",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/networking/v2/extensions/security/groups",
 			"Comment": "v1.0.0-884-gc54bbac",
 			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/networking/v2/extensions/security/rules",
 			"Comment": "v1.0.0-884-gc54bbac",
 			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/networking/v2/networks",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/networking/v2/ports",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/networking/v2/subnets",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/objectstorage/v1/accounts",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/objectstorage/v1/containers",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/objectstorage/v1/objects",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/openstack/utils",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/pagination",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/testhelper",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/rackspace/gophercloud/testhelper/client",
-			"Comment": "v1.0.0-868-ga09b5b4",
+			"Comment": "v1.0.0-884-gc54bbac",
-			"Rev": "a09b5b4eb58195b6fb3898496586b8d6aeb558e0"
+			"Rev": "c54bbac81d19eb4df3ad167764dbb6ff2e7194de"
 		},
 		{
 			"ImportPath": "github.com/satori/go.uuid",
--- a/builtin/providers/openstack/provider.go
+++ b/builtin/providers/openstack/provider.go
@ -101,6 +101,8 @@ func Provider() terraform.ResourceProvider {
 			"openstack_networking_router_v2":           resourceNetworkingRouterV2(),
 			"openstack_networking_router_interface_v2": resourceNetworkingRouterInterfaceV2(),
 			"openstack_networking_router_route_v2":     resourceNetworkingRouterRouteV2(),
 			"openstack_networking_secgroup_v2":         resourceNetworkingSecGroupV2(),
 			"openstack_networking_secgroup_rule_v2":    resourceNetworkingSecGroupRuleV2(),
 			"openstack_objectstorage_container_v1":     resourceObjectStorageContainerV1(),
 		},
--- a/builtin/providers/openstack/resource_openstack_networking_secgroup_rule_v2.go
+++ b/builtin/providers/openstack/resource_openstack_networking_secgroup_rule_v2.go
@ -0,0 +1,209 @@
 package openstack
 import (
 	"fmt"
 	"log"
 	"time"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/rackspace/gophercloud"
 	"github.com/rackspace/gophercloud/openstack/networking/v2/extensions/security/rules"
 )
 func resourceNetworkingSecGroupRuleV2() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceNetworkingSecGroupRuleV2Create,
 		Read:   resourceNetworkingSecGroupRuleV2Read,
 		Delete: resourceNetworkingSecGroupRuleV2Delete,
 		Schema: map[string]*schema.Schema{
 			"region": &schema.Schema{
 				Type:        schema.TypeString,
 				Required:    true,
 				ForceNew:    true,
 				DefaultFunc: schema.EnvDefaultFunc("OS_REGION_NAME", ""),
 			},
 			"direction": &schema.Schema{
 				Type:     schema.TypeString,
 				Required: true,
 				ForceNew: true,
 			},
 			"ethertype": &schema.Schema{
 				Type:     schema.TypeString,
 				Required: true,
 				ForceNew: true,
 			},
 			"port_range_min": &schema.Schema{
 				Type:     schema.TypeInt,
 				Optional: true,
 				ForceNew: true,
 				Computed: true,
 			},
 			"port_range_max": &schema.Schema{
 				Type:     schema.TypeInt,
 				Optional: true,
 				ForceNew: true,
 				Computed: true,
 			},
 			"protocol": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
 				ForceNew: true,
 				Computed: true,
 			},
 			"remote_group_id": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
 				ForceNew: true,
 				Computed: true,
 			},
 			"remote_ip_prefix": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
 				ForceNew: true,
 				Computed: true,
 			},
 			"security_group_id": &schema.Schema{
 				Type:     schema.TypeString,
 				Required: true,
 				ForceNew: true,
 			},
 			"tenant_id": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
 				ForceNew: true,
 				Computed: true,
 			},
 		},
 	}
 }
 func resourceNetworkingSecGroupRuleV2Create(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*Config)
 	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
 	if err != nil {
 		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
 	}
 	portRangeMin := d.Get("port_range_min").(int)
 	portRangeMax := d.Get("port_range_max").(int)
 	protocol := d.Get("protocol").(string)
 	if protocol == "" {
 		if portRangeMin != 0 || portRangeMax != 0 {
 			return fmt.Errorf("A protocol must be specified when using port_range_min and port_range_max")
 		}
 	}
 	opts := rules.CreateOpts{
 		Direction:      d.Get("direction").(string),
 		EtherType:      d.Get("ethertype").(string),
 		SecGroupID:     d.Get("security_group_id").(string),
 		PortRangeMin:   d.Get("port_range_min").(int),
 		PortRangeMax:   d.Get("port_range_max").(int),
 		Protocol:       d.Get("protocol").(string),
 		RemoteGroupID:  d.Get("remote_group_id").(string),
 		RemoteIPPrefix: d.Get("remote_ip_prefix").(string),
 		TenantID:       d.Get("tenant_id").(string),
 	}
 	log.Printf("[DEBUG] Create OpenStack Neutron security group: %#v", opts)
 	security_group_rule, err := rules.Create(networkingClient, opts).Extract()
 	if err != nil {
 		return err
 	}
 	log.Printf("[DEBUG] OpenStack Neutron Security Group Rule created: %#v", security_group_rule)
 	d.SetId(security_group_rule.ID)
 	return resourceNetworkingSecGroupRuleV2Read(d, meta)
 }
 func resourceNetworkingSecGroupRuleV2Read(d *schema.ResourceData, meta interface{}) error {
 	log.Printf("[DEBUG] Retrieve information about security group rule: %s", d.Id())
 	config := meta.(*Config)
 	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
 	if err != nil {
 		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
 	}
 	security_group_rule, err := rules.Get(networkingClient, d.Id()).Extract()
 	if err != nil {
 		return CheckDeleted(d, err, "OpenStack Security Group Rule")
 	}
 	d.Set("protocol", security_group_rule.Protocol)
 	d.Set("port_range_min", security_group_rule.PortRangeMin)
 	d.Set("port_range_max", security_group_rule.PortRangeMax)
 	d.Set("remote_group_id", security_group_rule.RemoteGroupID)
 	d.Set("remote_ip_prefix", security_group_rule.RemoteIPPrefix)
 	d.Set("tenant_id", security_group_rule.TenantID)
 	return nil
 }
 func resourceNetworkingSecGroupRuleV2Delete(d *schema.ResourceData, meta interface{}) error {
 	log.Printf("[DEBUG] Destroy security group rule: %s", d.Id())
 	config := meta.(*Config)
 	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
 	if err != nil {
 		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
 	}
 	stateConf := &resource.StateChangeConf{
 		Pending:    []string{"ACTIVE"},
 		Target:     []string{"DELETED"},
 		Refresh:    waitForSecGroupRuleDelete(networkingClient, d.Id()),
 		Timeout:    2 * time.Minute,
 		Delay:      5 * time.Second,
 		MinTimeout: 3 * time.Second,
 	}
 	_, err = stateConf.WaitForState()
 	if err != nil {
 		return fmt.Errorf("Error deleting OpenStack Neutron Security Group Rule: %s", err)
 	}
 	d.SetId("")
 	return err
 }
 func waitForSecGroupRuleDelete(networkingClient *gophercloud.ServiceClient, secGroupRuleId string) resource.StateRefreshFunc {
 	return func() (interface{}, string, error) {
 		log.Printf("[DEBUG] Attempting to delete OpenStack Security Group Rule %s.\n", secGroupRuleId)
 		r, err := rules.Get(networkingClient, secGroupRuleId).Extract()
 		if err != nil {
 			errCode, ok := err.(*gophercloud.UnexpectedResponseCodeError)
 			if !ok {
 				return r, "ACTIVE", err
 			}
 			if errCode.Actual == 404 {
 				log.Printf("[DEBUG] Successfully deleted OpenStack Neutron Security Group Rule %s", secGroupRuleId)
 				return r, "DELETED", nil
 			}
 		}
 		err = rules.Delete(networkingClient, secGroupRuleId).ExtractErr()
 		if err != nil {
 			errCode, ok := err.(*gophercloud.UnexpectedResponseCodeError)
 			if !ok {
 				return r, "ACTIVE", err
 			}
 			if errCode.Actual == 404 {
 				log.Printf("[DEBUG] Successfully deleted OpenStack Neutron Security Group Rule %s", secGroupRuleId)
 				return r, "DELETED", nil
 			}
 		}
 		log.Printf("[DEBUG] OpenStack Neutron Security Group Rule %s still active.\n", secGroupRuleId)
 		return r, "ACTIVE", nil
 	}
 }
--- a/builtin/providers/openstack/resource_openstack_networking_secgroup_rule_v2_test.go
+++ b/builtin/providers/openstack/resource_openstack_networking_secgroup_rule_v2_test.go
@ -0,0 +1,117 @@
 package openstack
 import (
 	"fmt"
 	"testing"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/terraform"
 	"github.com/rackspace/gophercloud/openstack/networking/v2/extensions/security/groups"
 	"github.com/rackspace/gophercloud/openstack/networking/v2/extensions/security/rules"
 )
 func TestAccNetworkingV2SecGroupRule_basic(t *testing.T) {
 	var security_group_1 groups.SecGroup
 	var security_group_2 groups.SecGroup
 	var security_group_rule_1 rules.SecGroupRule
 	var security_group_rule_2 rules.SecGroupRule
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
 		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckNetworkingV2SecGroupRuleDestroy,
 		Steps: []resource.TestStep{
 			resource.TestStep{
 				Config: testAccNetworkingV2SecGroupRule_basic,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckNetworkingV2SecGroupExists(t, "openstack_networking_secgroup_v2.sg_foo", &security_group_1),
 					testAccCheckNetworkingV2SecGroupExists(t, "openstack_networking_secgroup_v2.sg_bar", &security_group_2),
 					testAccCheckNetworkingV2SecGroupRuleExists(t, "openstack_networking_secgroup_rule_v2.sr_foo", &security_group_rule_1),
 					testAccCheckNetworkingV2SecGroupRuleExists(t, "openstack_networking_secgroup_rule_v2.sr_bar", &security_group_rule_2),
 				),
 			},
 		},
 	})
 }
 func testAccCheckNetworkingV2SecGroupRuleDestroy(s *terraform.State) error {
 	config := testAccProvider.Meta().(*Config)
 	networkingClient, err := config.networkingV2Client(OS_REGION_NAME)
 	if err != nil {
 		return fmt.Errorf("(testAccCheckNetworkingV2SecGroupRuleDestroy) Error creating OpenStack networking client: %s", err)
 	}
 	for _, rs := range s.RootModule().Resources {
 		if rs.Type != "openstack_networking_secgroup_rule_v2" {
 			continue
 		}
 		_, err := rules.Get(networkingClient, rs.Primary.ID).Extract()
 		if err == nil {
 			return fmt.Errorf("Security group rule still exists")
 		}
 	}
 	return nil
 }
 func testAccCheckNetworkingV2SecGroupRuleExists(t *testing.T, n string, security_group_rule *rules.SecGroupRule) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]
 		if !ok {
 			return fmt.Errorf("Not found: %s", n)
 		}
 		if rs.Primary.ID == "" {
 			return fmt.Errorf("No ID is set")
 		}
 		config := testAccProvider.Meta().(*Config)
 		networkingClient, err := config.networkingV2Client(OS_REGION_NAME)
 		if err != nil {
 			return fmt.Errorf("(testAccCheckNetworkingV2SecGroupRuleExists) Error creating OpenStack networking client: %s", err)
 		}
 		found, err := rules.Get(networkingClient, rs.Primary.ID).Extract()
 		if err != nil {
 			return err
 		}
 		if found.ID != rs.Primary.ID {
 			return fmt.Errorf("Security group rule not found")
 		}
 		*security_group_rule = *found
 		return nil
 	}
 }
 var testAccNetworkingV2SecGroupRule_basic = fmt.Sprintf(`
  resource "openstack_networking_secgroup_v2" "sg_foo" {
    name = "security_group_1"
    description = "terraform security group rule acceptance test"
  }
  resource "openstack_networking_secgroup_v2" "sg_bar" {
    name = "security_group_2"
    description = "terraform security group rule acceptance test"
  }
  resource "openstack_networking_secgroup_rule_v2" "sr_foo" {
    direction = "ingress"
    ethertype = "IPv4"
    port_range_max = 22
    port_range_min = 22
    protocol = "tcp"
    remote_ip_prefix = "0.0.0.0/0"
    security_group_id = "${openstack_networking_secgroup_v2.sg_foo.id}"
  }
  resource "openstack_networking_secgroup_rule_v2" "sr_bar" {
    direction = "ingress"
    ethertype = "IPv4"
    port_range_max = 80 
    port_range_min = 80
    protocol = "tcp"
    remote_group_id = "${openstack_networking_secgroup_v2.sg_foo.id}"
    security_group_id = "${openstack_networking_secgroup_v2.sg_bar.id}"
  }`)
--- a/builtin/providers/openstack/resource_openstack_networking_secgroup_v2.go
+++ b/builtin/providers/openstack/resource_openstack_networking_secgroup_v2.go
@ -0,0 +1,155 @@
 package openstack
 import (
 	"fmt"
 	"log"
 	"time"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/rackspace/gophercloud"
 	"github.com/rackspace/gophercloud/openstack/networking/v2/extensions/security/groups"
 )
 func resourceNetworkingSecGroupV2() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceNetworkingSecGroupV2Create,
 		Read:   resourceNetworkingSecGroupV2Read,
 		Delete: resourceNetworkingSecGroupV2Delete,
 		Schema: map[string]*schema.Schema{
 			"region": &schema.Schema{
 				Type:        schema.TypeString,
 				Required:    true,
 				ForceNew:    true,
 				DefaultFunc: schema.EnvDefaultFunc("OS_REGION_NAME", ""),
 			},
 			"name": &schema.Schema{
 				Type:     schema.TypeString,
 				Required: true,
 				ForceNew: true,
 			},
 			"description": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
 				ForceNew: true,
 				Computed: true,
 			},
 			"tenant_id": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
 				ForceNew: true,
 				Computed: true,
 			},
 		},
 	}
 }
 func resourceNetworkingSecGroupV2Create(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*Config)
 	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
 	if err != nil {
 		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
 	}
 	opts := groups.CreateOpts{
 		Name:        d.Get("name").(string),
 		Description: d.Get("description").(string),
 		TenantID:    d.Get("tenant_id").(string),
 	}
 	log.Printf("[DEBUG] Create OpenStack Neutron Security Group: %#v", opts)
 	security_group, err := groups.Create(networkingClient, opts).Extract()
 	if err != nil {
 		return err
 	}
 	log.Printf("[DEBUG] OpenStack Neutron Security Group created: %#v", security_group)
 	d.SetId(security_group.ID)
 	return resourceNetworkingSecGroupV2Read(d, meta)
 }
 func resourceNetworkingSecGroupV2Read(d *schema.ResourceData, meta interface{}) error {
 	log.Printf("[DEBUG] Retrieve information about security group: %s", d.Id())
 	config := meta.(*Config)
 	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
 	if err != nil {
 		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
 	}
 	security_group, err := groups.Get(networkingClient, d.Id()).Extract()
 	if err != nil {
 		return CheckDeleted(d, err, "OpenStack Neutron Security group")
 	}
 	d.Set("description", security_group.Description)
 	d.Set("tenant_id", security_group.TenantID)
 	return nil
 }
 func resourceNetworkingSecGroupV2Delete(d *schema.ResourceData, meta interface{}) error {
 	log.Printf("[DEBUG] Destroy security group: %s", d.Id())
 	config := meta.(*Config)
 	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
 	if err != nil {
 		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
 	}
 	stateConf := &resource.StateChangeConf{
 		Pending:    []string{"ACTIVE"},
 		Target:     []string{"DELETED"},
 		Refresh:    waitForSecGroupDelete(networkingClient, d.Id()),
 		Timeout:    2 * time.Minute,
 		Delay:      5 * time.Second,
 		MinTimeout: 3 * time.Second,
 	}
 	_, err = stateConf.WaitForState()
 	if err != nil {
 		return fmt.Errorf("Error deleting OpenStack Neutron Security Group: %s", err)
 	}
 	d.SetId("")
 	return err
 }
 func waitForSecGroupDelete(networkingClient *gophercloud.ServiceClient, secGroupId string) resource.StateRefreshFunc {
 	return func() (interface{}, string, error) {
 		log.Printf("[DEBUG] Attempting to delete OpenStack Security Group %s.\n", secGroupId)
 		r, err := groups.Get(networkingClient, secGroupId).Extract()
 		if err != nil {
 			errCode, ok := err.(*gophercloud.UnexpectedResponseCodeError)
 			if !ok {
 				return r, "ACTIVE", err
 			}
 			if errCode.Actual == 404 {
 				log.Printf("[DEBUG] Successfully deleted OpenStack Neutron Security Group %s", secGroupId)
 				return r, "DELETED", nil
 			}
 		}
 		err = groups.Delete(networkingClient, secGroupId).ExtractErr()
 		if err != nil {
 			errCode, ok := err.(*gophercloud.UnexpectedResponseCodeError)
 			if !ok {
 				return r, "ACTIVE", err
 			}
 			if errCode.Actual == 404 {
 				log.Printf("[DEBUG] Successfully deleted OpenStack Neutron Security Group %s", secGroupId)
 				return r, "DELETED", nil
 			}
 		}
 		log.Printf("[DEBUG] OpenStack Neutron Security Group %s still active.\n", secGroupId)
 		return r, "ACTIVE", nil
 	}
 }
--- a/builtin/providers/openstack/resource_openstack_networking_secgroup_v2_test.go
+++ b/builtin/providers/openstack/resource_openstack_networking_secgroup_v2_test.go
@ -0,0 +1,100 @@
 package openstack
 import (
 	"fmt"
 	"testing"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/terraform"
 	"github.com/rackspace/gophercloud/openstack/networking/v2/extensions/security/groups"
 )
 func TestAccNetworkingV2SecGroup_basic(t *testing.T) {
 	var security_group groups.SecGroup
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
 		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckNetworkingV2SecGroupDestroy,
 		Steps: []resource.TestStep{
 			resource.TestStep{
 				Config: testAccNetworkingV2SecGroup_basic,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckNetworkingV2SecGroupExists(t, "openstack_networking_secgroup_v2.foo", &security_group),
 				),
 			},
 			resource.TestStep{
 				Config: testAccNetworkingV2SecGroup_update,
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("openstack_networking_secgroup_v2.foo", "name", "security_group_2"),
 				),
 			},
 		},
 	})
 }
 func testAccCheckNetworkingV2SecGroupDestroy(s *terraform.State) error {
 	config := testAccProvider.Meta().(*Config)
 	networkingClient, err := config.networkingV2Client(OS_REGION_NAME)
 	if err != nil {
 		return fmt.Errorf("(testAccCheckNetworkingV2SecGroupDestroy) Error creating OpenStack networking client: %s", err)
 	}
 	for _, rs := range s.RootModule().Resources {
 		if rs.Type != "openstack_networking_secgroup_v2" {
 			continue
 		}
 		_, err := groups.Get(networkingClient, rs.Primary.ID).Extract()
 		if err == nil {
 			return fmt.Errorf("Security group still exists")
 		}
 	}
 	return nil
 }
 func testAccCheckNetworkingV2SecGroupExists(t *testing.T, n string, security_group *groups.SecGroup) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]
 		if !ok {
 			return fmt.Errorf("Not found: %s", n)
 		}
 		if rs.Primary.ID == "" {
 			return fmt.Errorf("No ID is set")
 		}
 		config := testAccProvider.Meta().(*Config)
 		networkingClient, err := config.networkingV2Client(OS_REGION_NAME)
 		if err != nil {
 			return fmt.Errorf("(testAccCheckNetworkingV2SecGroupExists) Error creating OpenStack networking client: %s", err)
 		}
 		found, err := groups.Get(networkingClient, rs.Primary.ID).Extract()
 		if err != nil {
 			return err
 		}
 		if found.ID != rs.Primary.ID {
 			return fmt.Errorf("Security group not found")
 		}
 		*security_group = *found
 		return nil
 	}
 }
 var testAccNetworkingV2SecGroup_basic = fmt.Sprintf(`
  resource "openstack_networking_secgroup_v2" "foo" {
    name = "security_group"
    description = "terraform security group acceptance test"
  }`)
 var testAccNetworkingV2SecGroup_update = fmt.Sprintf(`
  resource "openstack_networking_secgroup_v2" "foo" {
    name = "security_group_2"
    description = "terraform security group acceptance test"
  }`)
--- a/vendor/github.com/rackspace/gophercloud/auth_options.go
+++ b/vendor/github.com/rackspace/gophercloud/auth_options.go
@ -42,6 +42,11 @@ type AuthOptions struct {
 	// re-authenticate automatically if/when your token expires.  If you set it to
 	// false, it will not cache these settings, but re-authentication will not be
 	// possible.  This setting defaults to false.
 	//
 	// NOTE: The reauth function will try to re-authenticate endlessly if left unchecked.
 	// The way to limit the number of attempts is to provide a custom HTTP client to the provider client 
 	// and provide a transport that implements the RoundTripper interface and stores the number of failed retries.
 	// For an example of this, see here: https://github.com/rackspace/rack/blob/1.0.0/auth/clients.go#L311
 	AllowReauth bool
 	// TokenID allows users to authenticate (possibly as another user) with an
--- a/vendor/github.com/rackspace/gophercloud/openstack/networking/v2/extensions/security/groups/requests.go
+++ b/vendor/github.com/rackspace/gophercloud/openstack/networking/v2/extensions/security/groups/requests.go
@ -0,0 +1,131 @@
 package groups
 import (
 	"fmt"
 	"github.com/rackspace/gophercloud"
 	"github.com/rackspace/gophercloud/pagination"
 )
 // ListOpts allows the filtering and sorting of paginated collections through
 // the API. Filtering is achieved by passing in struct field values that map to
 // the floating IP attributes you want to see returned. SortKey allows you to
 // sort by a particular network attribute. SortDir sets the direction, and is
 // either `asc' or `desc'. Marker and Limit are used for pagination.
 type ListOpts struct {
 	ID       string `q:"id"`
 	Name     string `q:"name"`
 	TenantID string `q:"tenant_id"`
 	Limit    int    `q:"limit"`
 	Marker   string `q:"marker"`
 	SortKey  string `q:"sort_key"`
 	SortDir  string `q:"sort_dir"`
 }
 // List returns a Pager which allows you to iterate over a collection of
 // security groups. It accepts a ListOpts struct, which allows you to filter
 // and sort the returned collection for greater efficiency.
 func List(c *gophercloud.ServiceClient, opts ListOpts) pagination.Pager {
 	q, err := gophercloud.BuildQueryString(&opts)
 	if err != nil {
 		return pagination.Pager{Err: err}
 	}
 	u := rootURL(c) + q.String()
 	return pagination.NewPager(c, u, func(r pagination.PageResult) pagination.Page {
 		return SecGroupPage{pagination.LinkedPageBase{PageResult: r}}
 	})
 }
 var (
 	errNameRequired = fmt.Errorf("Name is required")
 )
 // CreateOpts contains all the values needed to create a new security group.
 type CreateOpts struct {
 	// Required. Human-readable name for the VIP. Does not have to be unique.
 	Name string
 	// Required for admins. Indicates the owner of the VIP.
 	TenantID string
 	// Optional. Describes the security group.
 	Description string
 }
 // Create is an operation which provisions a new security group with default
 // security group rules for the IPv4 and IPv6 ether types.
 func Create(c *gophercloud.ServiceClient, opts CreateOpts) CreateResult {
 	var res CreateResult
 	// Validate required opts
 	if opts.Name == "" {
 		res.Err = errNameRequired
 		return res
 	}
 	type secgroup struct {
 		Name        string `json:"name"`
 		TenantID    string `json:"tenant_id,omitempty"`
 		Description string `json:"description,omitempty"`
 	}
 	type request struct {
 		SecGroup secgroup `json:"security_group"`
 	}
 	reqBody := request{SecGroup: secgroup{
 		Name:        opts.Name,
 		TenantID:    opts.TenantID,
 		Description: opts.Description,
 	}}
 	_, res.Err = c.Post(rootURL(c), reqBody, &res.Body, nil)
 	return res
 }
 // Get retrieves a particular security group based on its unique ID.
 func Get(c *gophercloud.ServiceClient, id string) GetResult {
 	var res GetResult
 	_, res.Err = c.Get(resourceURL(c, id), &res.Body, nil)
 	return res
 }
 // Delete will permanently delete a particular security group based on its unique ID.
 func Delete(c *gophercloud.ServiceClient, id string) DeleteResult {
 	var res DeleteResult
 	_, res.Err = c.Delete(resourceURL(c, id), nil)
 	return res
 }
 // IDFromName is a convenience function that returns a security group's ID given its name.
 func IDFromName(client *gophercloud.ServiceClient, name string) (string, error) {
 	securityGroupCount := 0
 	securityGroupID := ""
 	if name == "" {
 		return "", fmt.Errorf("A security group name must be provided.")
 	}
 	pager := List(client, ListOpts{})
 	pager.EachPage(func(page pagination.Page) (bool, error) {
 		securityGroupList, err := ExtractGroups(page)
 		if err != nil {
 			return false, err
 		}
 		for _, s := range securityGroupList {
 			if s.Name == name {
 				securityGroupCount++
 				securityGroupID = s.ID
 			}
 		}
 		return true, nil
 	})
 	switch securityGroupCount {
 	case 0:
 		return "", fmt.Errorf("Unable to find security group: %s", name)
 	case 1:
 		return securityGroupID, nil
 	default:
 		return "", fmt.Errorf("Found %d security groups matching %s", securityGroupCount, name)
 	}
 }
--- a/vendor/github.com/rackspace/gophercloud/openstack/networking/v2/extensions/security/groups/results.go
+++ b/vendor/github.com/rackspace/gophercloud/openstack/networking/v2/extensions/security/groups/results.go
@ -0,0 +1,108 @@
 package groups
 import (
 	"github.com/mitchellh/mapstructure"
 	"github.com/rackspace/gophercloud"
 	"github.com/rackspace/gophercloud/openstack/networking/v2/extensions/security/rules"
 	"github.com/rackspace/gophercloud/pagination"
 )
 // SecGroup represents a container for security group rules.
 type SecGroup struct {
 	// The UUID for the security group.
 	ID string
 	// Human-readable name for the security group. Might not be unique. Cannot be
 	// named "default" as that is automatically created for a tenant.
 	Name string
 	// The security group description.
 	Description string
 	// A slice of security group rules that dictate the permitted behaviour for
 	// traffic entering and leaving the group.
 	Rules []rules.SecGroupRule `json:"security_group_rules" mapstructure:"security_group_rules"`
 	// Owner of the security group. Only admin users can specify a TenantID
 	// other than their own.
 	TenantID string `json:"tenant_id" mapstructure:"tenant_id"`
 }
 // SecGroupPage is the page returned by a pager when traversing over a
 // collection of security groups.
 type SecGroupPage struct {
 	pagination.LinkedPageBase
 }
 // NextPageURL is invoked when a paginated collection of security groups has
 // reached the end of a page and the pager seeks to traverse over a new one. In
 // order to do this, it needs to construct the next page's URL.
 func (p SecGroupPage) NextPageURL() (string, error) {
 	type resp struct {
 		Links []gophercloud.Link `mapstructure:"security_groups_links"`
 	}
 	var r resp
 	err := mapstructure.Decode(p.Body, &r)
 	if err != nil {
 		return "", err
 	}
 	return gophercloud.ExtractNextURL(r.Links)
 }
 // IsEmpty checks whether a SecGroupPage struct is empty.
 func (p SecGroupPage) IsEmpty() (bool, error) {
 	is, err := ExtractGroups(p)
 	if err != nil {
 		return true, nil
 	}
 	return len(is) == 0, nil
 }
 // ExtractGroups accepts a Page struct, specifically a SecGroupPage struct,
 // and extracts the elements into a slice of SecGroup structs. In other words,
 // a generic collection is mapped into a relevant slice.
 func ExtractGroups(page pagination.Page) ([]SecGroup, error) {
 	var resp struct {
 		SecGroups []SecGroup `mapstructure:"security_groups" json:"security_groups"`
 	}
 	err := mapstructure.Decode(page.(SecGroupPage).Body, &resp)
 	return resp.SecGroups, err
 }
 type commonResult struct {
 	gophercloud.Result
 }
 // Extract is a function that accepts a result and extracts a security group.
 func (r commonResult) Extract() (*SecGroup, error) {
 	if r.Err != nil {
 		return nil, r.Err
 	}
 	var res struct {
 		SecGroup *SecGroup `mapstructure:"security_group" json:"security_group"`
 	}
 	err := mapstructure.Decode(r.Body, &res)
 	return res.SecGroup, err
 }
 // CreateResult represents the result of a create operation.
 type CreateResult struct {
 	commonResult
 }
 // GetResult represents the result of a get operation.
 type GetResult struct {
 	commonResult
 }
 // DeleteResult represents the result of a delete operation.
 type DeleteResult struct {
 	gophercloud.ErrResult
 }
--- a/vendor/github.com/rackspace/gophercloud/openstack/networking/v2/extensions/security/groups/urls.go
+++ b/vendor/github.com/rackspace/gophercloud/openstack/networking/v2/extensions/security/groups/urls.go
@ -0,0 +1,13 @@
 package groups
 import "github.com/rackspace/gophercloud"
 const rootPath = "security-groups"
 func rootURL(c *gophercloud.ServiceClient) string {
 	return c.ServiceURL(rootPath)
 }
 func resourceURL(c *gophercloud.ServiceClient, id string) string {
 	return c.ServiceURL(rootPath, id)
 }
--- a/vendor/github.com/rackspace/gophercloud/openstack/networking/v2/extensions/security/rules/requests.go
+++ b/vendor/github.com/rackspace/gophercloud/openstack/networking/v2/extensions/security/rules/requests.go
@ -0,0 +1,174 @@
 package rules
 import (
 	"fmt"
 	"github.com/rackspace/gophercloud"
 	"github.com/rackspace/gophercloud/pagination"
 )
 // ListOpts allows the filtering and sorting of paginated collections through
 // the API. Filtering is achieved by passing in struct field values that map to
 // the security group attributes you want to see returned. SortKey allows you to
 // sort by a particular network attribute. SortDir sets the direction, and is
 // either `asc' or `desc'. Marker and Limit are used for pagination.
 type ListOpts struct {
 	Direction      string `q:"direction"`
 	EtherType      string `q:"ethertype"`
 	ID             string `q:"id"`
 	PortRangeMax   int    `q:"port_range_max"`
 	PortRangeMin   int    `q:"port_range_min"`
 	Protocol       string `q:"protocol"`
 	RemoteGroupID  string `q:"remote_group_id"`
 	RemoteIPPrefix string `q:"remote_ip_prefix"`
 	SecGroupID     string `q:"security_group_id"`
 	TenantID       string `q:"tenant_id"`
 	Limit          int    `q:"limit"`
 	Marker         string `q:"marker"`
 	SortKey        string `q:"sort_key"`
 	SortDir        string `q:"sort_dir"`
 }
 // List returns a Pager which allows you to iterate over a collection of
 // security group rules. It accepts a ListOpts struct, which allows you to filter
 // and sort the returned collection for greater efficiency.
 func List(c *gophercloud.ServiceClient, opts ListOpts) pagination.Pager {
 	q, err := gophercloud.BuildQueryString(&opts)
 	if err != nil {
 		return pagination.Pager{Err: err}
 	}
 	u := rootURL(c) + q.String()
 	return pagination.NewPager(c, u, func(r pagination.PageResult) pagination.Page {
 		return SecGroupRulePage{pagination.LinkedPageBase{PageResult: r}}
 	})
 }
 // Errors
 var (
 	errValidDirectionRequired = fmt.Errorf("A valid Direction is required")
 	errValidEtherTypeRequired = fmt.Errorf("A valid EtherType is required")
 	errSecGroupIDRequired     = fmt.Errorf("A valid SecGroupID is required")
 	errValidProtocolRequired  = fmt.Errorf("A valid Protocol is required")
 )
 // Constants useful for CreateOpts
 const (
 	DirIngress   = "ingress"
 	DirEgress    = "egress"
 	Ether4       = "IPv4"
 	Ether6       = "IPv6"
 	ProtocolTCP  = "tcp"
 	ProtocolUDP  = "udp"
 	ProtocolICMP = "icmp"
 )
 // CreateOpts contains all the values needed to create a new security group rule.
 type CreateOpts struct {
 	// Required. Must be either "ingress" or "egress": the direction in which the
 	// security group rule is applied.
 	Direction string
 	// Required. Must be "IPv4" or "IPv6", and addresses represented in CIDR must
 	// match the ingress or egress rules.
 	EtherType string
 	// Required. The security group ID to associate with this security group rule.
 	SecGroupID string
 	// Optional. The maximum port number in the range that is matched by the
 	// security group rule. The PortRangeMin attribute constrains the PortRangeMax
 	// attribute. If the protocol is ICMP, this value must be an ICMP type.
 	PortRangeMax int
 	// Optional. The minimum port number in the range that is matched by the
 	// security group rule. If the protocol is TCP or UDP, this value must be
 	// less than or equal to the value of the PortRangeMax attribute. If the
 	// protocol is ICMP, this value must be an ICMP type.
 	PortRangeMin int
 	// Optional. The protocol that is matched by the security group rule. Valid
 	// values are "tcp", "udp", "icmp" or an empty string.
 	Protocol string
 	// Optional. The remote group ID to be associated with this security group
 	// rule. You can specify either RemoteGroupID or RemoteIPPrefix.
 	RemoteGroupID string
 	// Optional. The remote IP prefix to be associated with this security group
 	// rule. You can specify either RemoteGroupID or RemoteIPPrefix. This
 	// attribute matches the specified IP prefix as the source IP address of the
 	// IP packet.
 	RemoteIPPrefix string
 	// Required for admins. Indicates the owner of the VIP.
 	TenantID string
 }
 // Create is an operation which adds a new security group rule and associates it
 // with an existing security group (whose ID is specified in CreateOpts).
 func Create(c *gophercloud.ServiceClient, opts CreateOpts) CreateResult {
 	var res CreateResult
 	// Validate required opts
 	if opts.Direction != DirIngress && opts.Direction != DirEgress {
 		res.Err = errValidDirectionRequired
 		return res
 	}
 	if opts.EtherType != Ether4 && opts.EtherType != Ether6 {
 		res.Err = errValidEtherTypeRequired
 		return res
 	}
 	if opts.SecGroupID == "" {
 		res.Err = errSecGroupIDRequired
 		return res
 	}
 	if opts.Protocol != "" && opts.Protocol != ProtocolTCP && opts.Protocol != ProtocolUDP && opts.Protocol != ProtocolICMP {
 		res.Err = errValidProtocolRequired
 		return res
 	}
 	type secrule struct {
 		Direction      string `json:"direction"`
 		EtherType      string `json:"ethertype"`
 		SecGroupID     string `json:"security_group_id"`
 		PortRangeMax   int    `json:"port_range_max,omitempty"`
 		PortRangeMin   int    `json:"port_range_min,omitempty"`
 		Protocol       string `json:"protocol,omitempty"`
 		RemoteGroupID  string `json:"remote_group_id,omitempty"`
 		RemoteIPPrefix string `json:"remote_ip_prefix,omitempty"`
 		TenantID       string `json:"tenant_id,omitempty"`
 	}
 	type request struct {
 		SecRule secrule `json:"security_group_rule"`
 	}
 	reqBody := request{SecRule: secrule{
 		Direction:      opts.Direction,
 		EtherType:      opts.EtherType,
 		SecGroupID:     opts.SecGroupID,
 		PortRangeMax:   opts.PortRangeMax,
 		PortRangeMin:   opts.PortRangeMin,
 		Protocol:       opts.Protocol,
 		RemoteGroupID:  opts.RemoteGroupID,
 		RemoteIPPrefix: opts.RemoteIPPrefix,
 		TenantID:       opts.TenantID,
 	}}
 	_, res.Err = c.Post(rootURL(c), reqBody, &res.Body, nil)
 	return res
 }
 // Get retrieves a particular security group rule based on its unique ID.
 func Get(c *gophercloud.ServiceClient, id string) GetResult {
 	var res GetResult
 	_, res.Err = c.Get(resourceURL(c, id), &res.Body, nil)
 	return res
 }
 // Delete will permanently delete a particular security group rule based on its unique ID.
 func Delete(c *gophercloud.ServiceClient, id string) DeleteResult {
 	var res DeleteResult
 	_, res.Err = c.Delete(resourceURL(c, id), nil)
 	return res
 }
--- a/vendor/github.com/rackspace/gophercloud/openstack/networking/v2/extensions/security/rules/results.go
+++ b/vendor/github.com/rackspace/gophercloud/openstack/networking/v2/extensions/security/rules/results.go
@ -0,0 +1,133 @@
 package rules
 import (
 	"github.com/mitchellh/mapstructure"
 	"github.com/rackspace/gophercloud"
 	"github.com/rackspace/gophercloud/pagination"
 )
 // SecGroupRule represents a rule to dictate the behaviour of incoming or
 // outgoing traffic for a particular security group.
 type SecGroupRule struct {
 	// The UUID for this security group rule.
 	ID string
 	// The direction in which the security group rule is applied. The only values
 	// allowed are "ingress" or "egress". For a compute instance, an ingress
 	// security group rule is applied to incoming (ingress) traffic for that
 	// instance. An egress rule is applied to traffic leaving the instance.
 	Direction string
 	// Must be IPv4 or IPv6, and addresses represented in CIDR must match the
 	// ingress or egress rules.
 	EtherType string `json:"ethertype" mapstructure:"ethertype"`
 	// The security group ID to associate with this security group rule.
 	SecGroupID string `json:"security_group_id" mapstructure:"security_group_id"`
 	// The minimum port number in the range that is matched by the security group
 	// rule. If the protocol is TCP or UDP, this value must be less than or equal
 	// to the value of the PortRangeMax attribute. If the protocol is ICMP, this
 	// value must be an ICMP type.
 	PortRangeMin int `json:"port_range_min" mapstructure:"port_range_min"`
 	// The maximum port number in the range that is matched by the security group
 	// rule. The PortRangeMin attribute constrains the PortRangeMax attribute. If
 	// the protocol is ICMP, this value must be an ICMP type.
 	PortRangeMax int `json:"port_range_max" mapstructure:"port_range_max"`
 	// The protocol that is matched by the security group rule. Valid values are
 	// "tcp", "udp", "icmp" or an empty string.
 	Protocol string
 	// The remote group ID to be associated with this security group rule. You
 	// can specify either RemoteGroupID or RemoteIPPrefix.
 	RemoteGroupID string `json:"remote_group_id" mapstructure:"remote_group_id"`
 	// The remote IP prefix to be associated with this security group rule. You
 	// can specify either RemoteGroupID or RemoteIPPrefix . This attribute
 	// matches the specified IP prefix as the source IP address of the IP packet.
 	RemoteIPPrefix string `json:"remote_ip_prefix" mapstructure:"remote_ip_prefix"`
 	// The owner of this security group rule.
 	TenantID string `json:"tenant_id" mapstructure:"tenant_id"`
 }
 // SecGroupRulePage is the page returned by a pager when traversing over a
 // collection of security group rules.
 type SecGroupRulePage struct {
 	pagination.LinkedPageBase
 }
 // NextPageURL is invoked when a paginated collection of security group rules has
 // reached the end of a page and the pager seeks to traverse over a new one. In
 // order to do this, it needs to construct the next page's URL.
 func (p SecGroupRulePage) NextPageURL() (string, error) {
 	type resp struct {
 		Links []gophercloud.Link `mapstructure:"security_group_rules_links"`
 	}
 	var r resp
 	err := mapstructure.Decode(p.Body, &r)
 	if err != nil {
 		return "", err
 	}
 	return gophercloud.ExtractNextURL(r.Links)
 }
 // IsEmpty checks whether a SecGroupRulePage struct is empty.
 func (p SecGroupRulePage) IsEmpty() (bool, error) {
 	is, err := ExtractRules(p)
 	if err != nil {
 		return true, nil
 	}
 	return len(is) == 0, nil
 }
 // ExtractRules accepts a Page struct, specifically a SecGroupRulePage struct,
 // and extracts the elements into a slice of SecGroupRule structs. In other words,
 // a generic collection is mapped into a relevant slice.
 func ExtractRules(page pagination.Page) ([]SecGroupRule, error) {
 	var resp struct {
 		SecGroupRules []SecGroupRule `mapstructure:"security_group_rules" json:"security_group_rules"`
 	}
 	err := mapstructure.Decode(page.(SecGroupRulePage).Body, &resp)
 	return resp.SecGroupRules, err
 }
 type commonResult struct {
 	gophercloud.Result
 }
 // Extract is a function that accepts a result and extracts a security rule.
 func (r commonResult) Extract() (*SecGroupRule, error) {
 	if r.Err != nil {
 		return nil, r.Err
 	}
 	var res struct {
 		SecGroupRule *SecGroupRule `mapstructure:"security_group_rule" json:"security_group_rule"`
 	}
 	err := mapstructure.Decode(r.Body, &res)
 	return res.SecGroupRule, err
 }
 // CreateResult represents the result of a create operation.
 type CreateResult struct {
 	commonResult
 }
 // GetResult represents the result of a get operation.
 type GetResult struct {
 	commonResult
 }
 // DeleteResult represents the result of a delete operation.
 type DeleteResult struct {
 	gophercloud.ErrResult
 }
--- a/vendor/github.com/rackspace/gophercloud/openstack/networking/v2/extensions/security/rules/urls.go
+++ b/vendor/github.com/rackspace/gophercloud/openstack/networking/v2/extensions/security/rules/urls.go
@ -0,0 +1,13 @@
 package rules
 import "github.com/rackspace/gophercloud"
 const rootPath = "security-group-rules"
 func rootURL(c *gophercloud.ServiceClient) string {
 	return c.ServiceURL(rootPath)
 }
 func resourceURL(c *gophercloud.ServiceClient, id string) string {
 	return c.ServiceURL(rootPath, id)
 }
--- a/website/source/docs/providers/openstack/r/networking_secgroup_rule_v2.html.markdown
+++ b/website/source/docs/providers/openstack/r/networking_secgroup_rule_v2.html.markdown
@ -0,0 +1,89 @@
 ---
 layout: "openstack"
 page_title: "OpenStack: openstack_networking_secgroup_rule_v2"
 sidebar_current: "docs-openstack-resource-networking-secgroup-rule-v2"
 description: |-
  Manages a V2 Neutron security group rule resource within OpenStack.
 ---
 # openstack\_networking\_secgroup\_rule_v2
 Manages a V2 neutron security group rule resource within OpenStack.
 Unlike Nova security groups, neutron separates the group from the rules
 and also allows an admin to target a specific tenant_id.
 ## Example Usage
 ```
 resource "openstack_networking_secgroup_v2" "secgroup_1" {
  name = "secgroup_1"
  description = "My neutron security group"
 }
 resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_1" {
  direction = "ingress"
  ethertype = "IPv4"
  protocol = "tcp"
  port_range_min = 22
  port_range_max = 22
  remote_ip_prefix = "0.0.0.0/0"
  security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
 }
 ```
 ## Argument Reference
 The following arguments are supported:
 * `region` - (Required) The region in which to obtain the V2 networking client.
    A networking client is needed to create a port. If omitted, the
    `OS_REGION_NAME` environment variable is used. Changing this creates a new
    security group rule.
 * `direction` - (Required) The direction of the rule, valid values are __ingress__
    or __egress__. Changing this creates a new security group rule.
 * `ethertype` - (Required) The layer 3 protocol type, valid values are __IPv4__
    or __IPv6__. Changing this creates a new security group rule.
 * `protocol` - (Optional) The layer 4 protocol type, valid values are __tcp__,
    __udp__ or __icmp__. This is required if you want to specify a port range.
    Changing this creates a new security group rule.
 * `port_range_min` - (Optional) The lower part of the allowed port range, valid
    integer value needs to be between 1 and 65535. Changing this creates a new
    security group rule.
 * `port_range_max` - (Optional) The higher part of the allowed port range, valid
    integer value needs to be between 1 and 65535. Changing this creates a new
    security group rule.
 * `remote_ip_prefix` - (Optional) The remote CIDR, the value needs to be a valid
    CIDR (i.e. 192.168.0.0/16). Changing this creates a new security group rule.
 * `remote_group_id` - (Optional) The remote group id, the value needs to be an
    Openstack ID of a security group in the same tenant. Changing this creates
    a new security group rule.
 * `security_group_id` - (Required) The security group id the rule shoudl belong
    to, the value needs to be an Openstack ID of a security group in the same
    tenant. Changing this creates a new security group rule.
 * `tenant_id` - (Optional) The owner of the security group. Required if admin
    wants to create a port for another tenant. Changing this creates a new
    security group rule.
 ## Attributes Reference
 The following attributes are exported:
 * `region` - See Argument Reference above.
 * `direction` - See Argument Reference above.
 * `ethertype` - See Argument Reference above.
 * `protocol` - See Argument Reference above.
 * `port_range_min` - See Argument Reference above.
 * `port_range_max` - See Argument Reference above.
 * `remote_ip_prefix` - See Argument Reference above.
 * `remote_group_id` - See Argument Reference above.
 * `security_group_id` - See Argument Reference above.
 * `tenant_id` - See Argument Reference above.
--- a/website/source/docs/providers/openstack/r/networking_secgroup_v2.html.markdown
+++ b/website/source/docs/providers/openstack/r/networking_secgroup_v2.html.markdown
@ -0,0 +1,50 @@
 ---
 layout: "openstack"
 page_title: "OpenStack: openstack_networking_secgroup_v2"
 sidebar_current: "docs-openstack-resource-networking-secgroup-v2"
 description: |-
  Manages a V2 Neutron security group resource within OpenStack.
 ---
 # openstack\_networking\_secgroup_v2
 Manages a V2 neutron security group resource within OpenStack.
 Unlike Nova security groups, neutron separates the group from the rules
 and also allows an admin to target a specific tenant_id.
 ## Example Usage
 ```
 resource "openstack_networking_secgroup_v2" "secgroup_1" {
  name = "secgroup_1"
  description = "My neutron security group"
 }
 ```
 ## Argument Reference
 The following arguments are supported:
 * `region` - (Required) The region in which to obtain the V2 networking client.
    A networking client is needed to create a port. If omitted, the
    `OS_REGION_NAME` environment variable is used. Changing this creates a new
    security group.
 * `name` - (Required) A unique name for the security group. Changing this
    creates a new security group.
 * `description` - (Optional) A unique name for the security group. Changing this
    creates a new security group.
 * `tenant_id` - (Optional) The owner of the security group. Required if admin
    wants to create a port for another tenant. Changing this creates a new
    security group.
 ## Attributes Reference
 The following attributes are exported:
 * `region` - See Argument Reference above.
 * `name` - See Argument Reference above.
 * `description` - See Argument Reference above.
 * `tenant_id` - See Argument Reference above.
--- a/website/source/layouts/openstack.erb
+++ b/website/source/layouts/openstack.erb
@ -64,6 +64,12 @@
            <li<%= sidebar_current("docs-openstack-resource-networking-subnet-v2") %>>
              <a href="/docs/providers/openstack/r/networking_subnet_v2.html">openstack_networking_subnet_v2</a>
            </li>
            <li<%= sidebar_current("docs-openstack-resource-networking-secgroup-v2") %>>
              <a href="/docs/providers/openstack/r/networking_secgroup_v2.html">openstack_networking_secgroup_v2</a>
            </li>
            <li<%= sidebar_current("docs-openstack-resource-networking-secgroup-rule-v2") %>>
              <a href="/docs/providers/openstack/r/networking_secgroup_rule_v2.html">openstack_networking_secgroup_rule_v2</a>
            </li>
          </ul>
        </li>