ResiLien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

provider/openstack: Allow any protocol in openstack_fw_rule_v1 

This commit allows a protocol of "any" to be used in the firewall
rule resource, which will allow any protocol.
This commit is contained in:
Joe Topjian 2016-10-26 02:14:08 +00:00
parent aaff62242d
commit d7bd40100c
3 changed files with 64 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
builtin/providers/openstack/resource_openstack_fw_rule_v1.go
View File

@ -88,11 +88,12 @@ func resourceFWRuleV1Create(d *schema.ResourceData, meta interface{}) error {
enabled := d.Get("enabled").(bool) enabled := d.Get("enabled").(bool)
ipVersion := resourceFWRuleV1DetermineIPVersion(d.Get("ip_version").(int)) ipVersion := resourceFWRuleV1DetermineIPVersion(d.Get("ip_version").(int))
protocol := resourceFWRuleV1DetermineProtocol(d.Get("protocol").(string))
ruleConfiguration := rules.CreateOpts{ ruleConfiguration := rules.CreateOpts{
Name: d.Get("name").(string), Name: d.Get("name").(string),
Description: d.Get("description").(string), Description: d.Get("description").(string),
Protocol: d.Get("protocol").(string), Protocol: protocol,
Action: d.Get("action").(string), Action: d.Get("action").(string),
IPVersion: ipVersion, IPVersion: ipVersion,
SourceIPAddress: d.Get("source_ip_address").(string), SourceIPAddress: d.Get("source_ip_address").(string),
@ -103,11 +104,6 @@ func resourceFWRuleV1Create(d *schema.ResourceData, meta interface{}) error {
TenantID: d.Get("tenant_id").(string), TenantID: d.Get("tenant_id").(string),
} }
if v, ok := d.GetOk("ip_version"); ok {
ipVersion := resourceFWRuleV1DetermineIPVersion(v.(int))
ruleConfiguration.IPVersion = ipVersion
}
log.Printf("[DEBUG] Create firewall rule: %#v", ruleConfiguration) log.Printf("[DEBUG] Create firewall rule: %#v", ruleConfiguration)
rule, err := rules.Create(networkingClient, ruleConfiguration).Extract() rule, err := rules.Create(networkingClient, ruleConfiguration).Extract()
@ -139,7 +135,6 @@ func resourceFWRuleV1Read(d *schema.ResourceData, meta interface{}) error {
log.Printf("[DEBUG] Read OpenStack Firewall Rule %s: %#v", d.Id(), rule) log.Printf("[DEBUG] Read OpenStack Firewall Rule %s: %#v", d.Id(), rule)
d.Set("protocol", rule.Protocol)
d.Set("action", rule.Action) d.Set("action", rule.Action)
d.Set("name", rule.Name) d.Set("name", rule.Name)
d.Set("description", rule.Description) d.Set("description", rule.Description)
@ -150,6 +145,12 @@ func resourceFWRuleV1Read(d *schema.ResourceData, meta interface{}) error {
d.Set("destination_port", rule.DestinationPort) d.Set("destination_port", rule.DestinationPort)
d.Set("enabled", rule.Enabled) d.Set("enabled", rule.Enabled)
if rule.Protocol == "" {
d.Set("protocol", "any")
} else {
d.Set("protocol", rule.Protocol)
}
return nil return nil
} }
@ -259,3 +260,19 @@ func resourceFWRuleV1DetermineIPVersion(ipv int) gophercloud.IPVersion {
return ipVersion return ipVersion
} }
func resourceFWRuleV1DetermineProtocol(p string) rules.Protocol {
var protocol rules.Protocol
switch p {
case "any":
protocol = rules.ProtocolAny
case "icmp":
protocol = rules.ProtocolICMP
case "tcp":
protocol = rules.ProtocolTCP
case "udp":
protocol = rules.ProtocolUDP
}
return protocol
}

38
builtin/providers/openstack/resource_openstack_fw_rule_v1_test.go
View File

@ -73,6 +73,32 @@ func TestAccFWRuleV1_basic(t *testing.T) {
}) })
} }
func TestAccFWRuleV1_anyProtocol(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckFWRuleV1Destroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testFirewallRuleAnyProtocol,
Check: resource.ComposeTestCheckFunc(
testAccCheckFWRuleV1Exists(
"openstack_fw_rule_v1.rule_1",
&rules.Rule{
Name: "rule_1",
Description: "Allow any protocol",
Protocol: "",
Action: "allow",
IPVersion: 4,
SourceIPAddress: "192.168.199.0/24",
Enabled: true,
}),
),
},
},
})
}
func testAccCheckFWRuleV1Destroy(s *terraform.State) error { func testAccCheckFWRuleV1Destroy(s *terraform.State) error {
config := testAccProvider.Meta().(*Config) config := testAccProvider.Meta().(*Config)
@ -178,3 +204,15 @@ resource "openstack_fw_rule_v1" "accept_test" {
enabled = false enabled = false
} }
` `
const testFirewallRuleAnyProtocol = `
resource "openstack_fw_rule_v1" "rule_1" {
name = "rule_1"
description = "Allow any protocol"
protocol = "any"
action = "allow"
ip_version = 4
source_ip_address = "192.168.199.0/24"
enabled = true
}
`

3
website/source/docs/providers/openstack/r/fw_rule_v1.html.markdown
View File

@ -39,7 +39,8 @@ The following arguments are supported:
updates the `description` of an existing firewall rule. updates the `description` of an existing firewall rule.
* `protocol` - (Required) The protocol type on which the firewall rule operates. * `protocol` - (Required) The protocol type on which the firewall rule operates.
Changing this updates the `protocol` of an existing firewall rule. Valid values are: `tcp`, `udp`, `icmp`, and `any`. Changing this updates the
`protocol` of an existing firewall rule.
* `action` - (Required) Action to be taken ( must be "allow" or "deny") when the * `action` - (Required) Action to be taken ( must be "allow" or "deny") when the
firewall rule matches. Changing this updates the `action` of an existing firewall rule matches. Changing this updates the `action` of an existing