Improve performance all firewall related resources
This commit is contained in:
Sander van Harmelen
parent
bd23ab35bf
commit
a3eae45b32
|
|
@ -203,6 +203,22 @@ func resourceCloudStackEgressFirewallCreateRule(
|
||||||
func resourceCloudStackEgressFirewallRead(d *schema.ResourceData, meta interface{}) error {
|
func resourceCloudStackEgressFirewallRead(d *schema.ResourceData, meta interface{}) error {
|
||||||
cs := meta.(*cloudstack.CloudStackClient)
|
cs := meta.(*cloudstack.CloudStackClient)
|
||||||
|
|
||||||
|
// Get all the rules from the running environment
|
||||||
|
p := cs.Firewall.NewListEgressFirewallRulesParams()
|
||||||
|
p.SetNetworkid(d.Id())
|
||||||
|
p.SetListall(true)
|
||||||
|
|
||||||
|
l, err := cs.Firewall.ListEgressFirewallRules(p)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Make a map of all the rules so we can easily find a rule
|
||||||
|
ruleMap := make(map[string]*cloudstack.EgressFirewallRule, l.Count)
|
||||||
|
for _, r := range l.EgressFirewallRules {
|
||||||
|
ruleMap[r.Id] = r
|
||||||
|
}
|
||||||
|
|
||||||
// Create an empty schema.Set to hold all rules
|
// Create an empty schema.Set to hold all rules
|
||||||
rules := &schema.Set{
|
rules := &schema.Set{
|
||||||
F: resourceCloudStackEgressFirewallRuleHash,
|
F: resourceCloudStackEgressFirewallRuleHash,
|
||||||
|
|
@ -221,16 +237,14 @@ func resourceCloudStackEgressFirewallRead(d *schema.ResourceData, meta interface
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the rule
|
// Get the rule
|
||||||
r, count, err := cs.Firewall.GetEgressFirewallRuleByID(id.(string))
|
r, ok := ruleMap[id.(string)]
|
||||||
// If the count == 0, there is no object found for this ID
|
if !ok {
|
||||||
if err != nil {
|
|
||||||
if count == 0 {
|
|
||||||
delete(uuids, "icmp")
|
delete(uuids, "icmp")
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
return err
|
// Delete the known rule so only unknown rules remain in the ruleMap
|
||||||
}
|
delete(ruleMap, id.(string))
|
||||||
|
|
||||||
// Update the values
|
// Update the values
|
||||||
rule["source_cidr"] = r.Cidrlist
|
rule["source_cidr"] = r.Cidrlist
|
||||||
|
|
@ -259,15 +273,14 @@ func resourceCloudStackEgressFirewallRead(d *schema.ResourceData, meta interface
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the rule
|
// Get the rule
|
||||||
r, count, err := cs.Firewall.GetEgressFirewallRuleByID(id.(string))
|
r, ok := ruleMap[id.(string)]
|
||||||
if err != nil {
|
if !ok {
|
||||||
if count == 0 {
|
|
||||||
delete(uuids, port.(string))
|
delete(uuids, port.(string))
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
return err
|
// Delete the known rule so only unknown rules remain in the ruleMap
|
||||||
}
|
delete(ruleMap, id.(string))
|
||||||
|
|
||||||
// Update the values
|
// Update the values
|
||||||
rule["source_cidr"] = r.Cidrlist
|
rule["source_cidr"] = r.Cidrlist
|
||||||
|
|
@ -287,44 +300,23 @@ func resourceCloudStackEgressFirewallRead(d *schema.ResourceData, meta interface
|
||||||
|
|
||||||
// If this is a managed firewall, add all unknown rules into a single dummy rule
|
// If this is a managed firewall, add all unknown rules into a single dummy rule
|
||||||
managed := d.Get("managed").(bool)
|
managed := d.Get("managed").(bool)
|
||||||
if managed {
|
if managed && len(ruleMap) > 0 {
|
||||||
// Get all the rules from the running environment
|
// Add all UUIDs to a uuids map
|
||||||
p := cs.Firewall.NewListEgressFirewallRulesParams()
|
uuids := make(map[string]interface{}, len(ruleMap))
|
||||||
p.SetNetworkid(d.Id())
|
for uuid := range ruleMap {
|
||||||
p.SetListall(true)
|
uuids[uuid] = uuid
|
||||||
|
|
||||||
r, err := cs.Firewall.ListEgressFirewallRules(p)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Add all UUIDs to the uuids map
|
|
||||||
uuids := make(map[string]interface{}, len(r.EgressFirewallRules))
|
|
||||||
for _, r := range r.EgressFirewallRules {
|
|
||||||
uuids[r.Id] = r.Id
|
|
||||||
}
|
|
||||||
|
|
||||||
// Delete all expected UUIDs from the uuids map
|
|
||||||
for _, rule := range rules.List() {
|
|
||||||
rule := rule.(map[string]interface{})
|
|
||||||
|
|
||||||
for _, id := range rule["uuids"].(map[string]interface{}) {
|
|
||||||
delete(uuids, id.(string))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if len(uuids) > 0 {
|
|
||||||
// Make a dummy rule to hold all unknown UUIDs
|
// Make a dummy rule to hold all unknown UUIDs
|
||||||
rule := map[string]interface{}{
|
rule := map[string]interface{}{
|
||||||
"source_cidr": "N/A",
|
"source_cidr": "N/A",
|
||||||
"protocol": "N/A",
|
"protocol": "N/A",
|
||||||
"uuids": uuids,
|
"uuids": ruleMap,
|
||||||
}
|
}
|
||||||
|
|
||||||
// Add the dummy rule to the rules set
|
// Add the dummy rule to the rules set
|
||||||
rules.Add(rule)
|
rules.Add(rule)
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if rules.Len() > 0 {
|
if rules.Len() > 0 {
|
||||||
d.Set("rule", rules)
|
d.Set("rule", rules)
|
||||||
|
|
|
||||||
|
|
@ -203,6 +203,22 @@ func resourceCloudStackFirewallCreateRule(
|
||||||
func resourceCloudStackFirewallRead(d *schema.ResourceData, meta interface{}) error {
|
func resourceCloudStackFirewallRead(d *schema.ResourceData, meta interface{}) error {
|
||||||
cs := meta.(*cloudstack.CloudStackClient)
|
cs := meta.(*cloudstack.CloudStackClient)
|
||||||
|
|
||||||
|
// Get all the rules from the running environment
|
||||||
|
p := cs.Firewall.NewListFirewallRulesParams()
|
||||||
|
p.SetIpaddressid(d.Id())
|
||||||
|
p.SetListall(true)
|
||||||
|
|
||||||
|
l, err := cs.Firewall.ListFirewallRules(p)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Make a map of all the rules so we can easily find a rule
|
||||||
|
ruleMap := make(map[string]*cloudstack.FirewallRule, l.Count)
|
||||||
|
for _, r := range l.FirewallRules {
|
||||||
|
ruleMap[r.Id] = r
|
||||||
|
}
|
||||||
|
|
||||||
// Create an empty schema.Set to hold all rules
|
// Create an empty schema.Set to hold all rules
|
||||||
rules := &schema.Set{
|
rules := &schema.Set{
|
||||||
F: resourceCloudStackFirewallRuleHash,
|
F: resourceCloudStackFirewallRuleHash,
|
||||||
|
|
@ -221,16 +237,14 @@ func resourceCloudStackFirewallRead(d *schema.ResourceData, meta interface{}) er
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the rule
|
// Get the rule
|
||||||
r, count, err := cs.Firewall.GetFirewallRuleByID(id.(string))
|
r, ok := ruleMap[id.(string)]
|
||||||
// If the count == 0, there is no object found for this ID
|
if !ok {
|
||||||
if err != nil {
|
|
||||||
if count == 0 {
|
|
||||||
delete(uuids, "icmp")
|
delete(uuids, "icmp")
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
return err
|
// Delete the known rule so only unknown rules remain in the ruleMap
|
||||||
}
|
delete(ruleMap, id.(string))
|
||||||
|
|
||||||
// Update the values
|
// Update the values
|
||||||
rule["source_cidr"] = r.Cidrlist
|
rule["source_cidr"] = r.Cidrlist
|
||||||
|
|
@ -259,15 +273,14 @@ func resourceCloudStackFirewallRead(d *schema.ResourceData, meta interface{}) er
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the rule
|
// Get the rule
|
||||||
r, count, err := cs.Firewall.GetFirewallRuleByID(id.(string))
|
r, ok := ruleMap[id.(string)]
|
||||||
if err != nil {
|
if !ok {
|
||||||
if count == 0 {
|
|
||||||
delete(uuids, port.(string))
|
delete(uuids, port.(string))
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
return err
|
// Delete the known rule so only unknown rules remain in the ruleMap
|
||||||
}
|
delete(ruleMap, id.(string))
|
||||||
|
|
||||||
// Update the values
|
// Update the values
|
||||||
rule["source_cidr"] = r.Cidrlist
|
rule["source_cidr"] = r.Cidrlist
|
||||||
|
|
@ -287,33 +300,13 @@ func resourceCloudStackFirewallRead(d *schema.ResourceData, meta interface{}) er
|
||||||
|
|
||||||
// If this is a managed firewall, add all unknown rules into a single dummy rule
|
// If this is a managed firewall, add all unknown rules into a single dummy rule
|
||||||
managed := d.Get("managed").(bool)
|
managed := d.Get("managed").(bool)
|
||||||
if managed {
|
if managed && len(ruleMap) > 0 {
|
||||||
// Get all the rules from the running environment
|
// Add all UUIDs to a uuids map
|
||||||
p := cs.Firewall.NewListFirewallRulesParams()
|
uuids := make(map[string]interface{}, len(ruleMap))
|
||||||
p.SetIpaddressid(d.Id())
|
for uuid := range ruleMap {
|
||||||
p.SetListall(true)
|
uuids[uuid] = uuid
|
||||||
|
|
||||||
r, err := cs.Firewall.ListFirewallRules(p)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Add all UUIDs to the uuids map
|
|
||||||
uuids := make(map[string]interface{}, len(r.FirewallRules))
|
|
||||||
for _, r := range r.FirewallRules {
|
|
||||||
uuids[r.Id] = r.Id
|
|
||||||
}
|
|
||||||
|
|
||||||
// Delete all expected UUIDs from the uuids map
|
|
||||||
for _, rule := range rules.List() {
|
|
||||||
rule := rule.(map[string]interface{})
|
|
||||||
|
|
||||||
for _, id := range rule["uuids"].(map[string]interface{}) {
|
|
||||||
delete(uuids, id.(string))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if len(uuids) > 0 {
|
|
||||||
// Make a dummy rule to hold all unknown UUIDs
|
// Make a dummy rule to hold all unknown UUIDs
|
||||||
rule := map[string]interface{}{
|
rule := map[string]interface{}{
|
||||||
"source_cidr": "N/A",
|
"source_cidr": "N/A",
|
||||||
|
|
@ -324,7 +317,6 @@ func resourceCloudStackFirewallRead(d *schema.ResourceData, meta interface{}) er
|
||||||
// Add the dummy rule to the rules set
|
// Add the dummy rule to the rules set
|
||||||
rules.Add(rule)
|
rules.Add(rule)
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if rules.Len() > 0 {
|
if rules.Len() > 0 {
|
||||||
d.Set("rule", rules)
|
d.Set("rule", rules)
|
||||||
|
|
|
||||||
|
|
@ -228,6 +228,22 @@ func resourceCloudStackNetworkACLRuleCreateRule(
|
||||||
func resourceCloudStackNetworkACLRuleRead(d *schema.ResourceData, meta interface{}) error {
|
func resourceCloudStackNetworkACLRuleRead(d *schema.ResourceData, meta interface{}) error {
|
||||||
cs := meta.(*cloudstack.CloudStackClient)
|
cs := meta.(*cloudstack.CloudStackClient)
|
||||||
|
|
||||||
|
// Get all the rules from the running environment
|
||||||
|
p := cs.NetworkACL.NewListNetworkACLsParams()
|
||||||
|
p.SetAclid(d.Id())
|
||||||
|
p.SetListall(true)
|
||||||
|
|
||||||
|
l, err := cs.NetworkACL.ListNetworkACLs(p)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Make a map of all the rules so we can easily find a rule
|
||||||
|
ruleMap := make(map[string]*cloudstack.NetworkACL, l.Count)
|
||||||
|
for _, r := range l.NetworkACLs {
|
||||||
|
ruleMap[r.Id] = r
|
||||||
|
}
|
||||||
|
|
||||||
// Create an empty schema.Set to hold all rules
|
// Create an empty schema.Set to hold all rules
|
||||||
rules := &schema.Set{
|
rules := &schema.Set{
|
||||||
F: resourceCloudStackNetworkACLRuleHash,
|
F: resourceCloudStackNetworkACLRuleHash,
|
||||||
|
|
@ -246,16 +262,14 @@ func resourceCloudStackNetworkACLRuleRead(d *schema.ResourceData, meta interface
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the rule
|
// Get the rule
|
||||||
r, count, err := cs.NetworkACL.GetNetworkACLByID(id.(string))
|
r, ok := ruleMap[id.(string)]
|
||||||
// If the count == 0, there is no object found for this ID
|
if !ok {
|
||||||
if err != nil {
|
|
||||||
if count == 0 {
|
|
||||||
delete(uuids, "icmp")
|
delete(uuids, "icmp")
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
return err
|
// Delete the known rule so only unknown rules remain in the ruleMap
|
||||||
}
|
delete(ruleMap, id.(string))
|
||||||
|
|
||||||
// Update the values
|
// Update the values
|
||||||
rule["action"] = strings.ToLower(r.Action)
|
rule["action"] = strings.ToLower(r.Action)
|
||||||
|
|
@ -274,16 +288,14 @@ func resourceCloudStackNetworkACLRuleRead(d *schema.ResourceData, meta interface
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the rule
|
// Get the rule
|
||||||
r, count, err := cs.NetworkACL.GetNetworkACLByID(id.(string))
|
r, ok := ruleMap[id.(string)]
|
||||||
// If the count == 0, there is no object found for this ID
|
if !ok {
|
||||||
if err != nil {
|
|
||||||
if count == 0 {
|
|
||||||
delete(uuids, "all")
|
delete(uuids, "all")
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
return err
|
// Delete the known rule so only unknown rules remain in the ruleMap
|
||||||
}
|
delete(ruleMap, id.(string))
|
||||||
|
|
||||||
// Update the values
|
// Update the values
|
||||||
rule["action"] = strings.ToLower(r.Action)
|
rule["action"] = strings.ToLower(r.Action)
|
||||||
|
|
@ -312,15 +324,14 @@ func resourceCloudStackNetworkACLRuleRead(d *schema.ResourceData, meta interface
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the rule
|
// Get the rule
|
||||||
r, count, err := cs.NetworkACL.GetNetworkACLByID(id.(string))
|
r, ok := ruleMap[id.(string)]
|
||||||
if err != nil {
|
if !ok {
|
||||||
if count == 0 {
|
|
||||||
delete(uuids, port.(string))
|
delete(uuids, port.(string))
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
return err
|
// Delete the known rule so only unknown rules remain in the ruleMap
|
||||||
}
|
delete(ruleMap, id.(string))
|
||||||
|
|
||||||
// Update the values
|
// Update the values
|
||||||
rule["action"] = strings.ToLower(r.Action)
|
rule["action"] = strings.ToLower(r.Action)
|
||||||
|
|
@ -342,34 +353,13 @@ func resourceCloudStackNetworkACLRuleRead(d *schema.ResourceData, meta interface
|
||||||
|
|
||||||
// If this is a managed firewall, add all unknown rules into a single dummy rule
|
// If this is a managed firewall, add all unknown rules into a single dummy rule
|
||||||
managed := d.Get("managed").(bool)
|
managed := d.Get("managed").(bool)
|
||||||
if managed {
|
if managed && len(ruleMap) > 0 {
|
||||||
// Get all the rules from the running environment
|
// Add all UUIDs to a uuids map
|
||||||
p := cs.NetworkACL.NewListNetworkACLsParams()
|
uuids := make(map[string]interface{}, len(ruleMap))
|
||||||
p.SetAclid(d.Id())
|
for uuid := range ruleMap {
|
||||||
p.SetListall(true)
|
uuids[uuid] = uuid
|
||||||
|
|
||||||
r, err := cs.NetworkACL.ListNetworkACLs(p)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Add all UUIDs to the uuids map
|
|
||||||
uuids := make(map[string]interface{}, len(r.NetworkACLs))
|
|
||||||
for _, r := range r.NetworkACLs {
|
|
||||||
uuids[r.Id] = r.Id
|
|
||||||
}
|
|
||||||
|
|
||||||
// Delete all expected UUIDs from the uuids map
|
|
||||||
for _, rule := range rules.List() {
|
|
||||||
rule := rule.(map[string]interface{})
|
|
||||||
|
|
||||||
for _, id := range rule["uuids"].(map[string]interface{}) {
|
|
||||||
delete(uuids, id.(string))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if len(uuids) > 0 {
|
|
||||||
// Make a dummy rule to hold all unknown UUIDs
|
|
||||||
rule := map[string]interface{}{
|
rule := map[string]interface{}{
|
||||||
"source_cidr": "N/A",
|
"source_cidr": "N/A",
|
||||||
"protocol": "N/A",
|
"protocol": "N/A",
|
||||||
|
|
@ -379,7 +369,6 @@ func resourceCloudStackNetworkACLRuleRead(d *schema.ResourceData, meta interface
|
||||||
// Add the dummy rule to the rules set
|
// Add the dummy rule to the rules set
|
||||||
rules.Add(rule)
|
rules.Add(rule)
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if rules.Len() > 0 {
|
if rules.Len() > 0 {
|
||||||
d.Set("rule", rules)
|
d.Set("rule", rules)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue