ResiLien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add security group rules ops to security groups file

This commit is contained in:
Jon Perritt 2015-01-29 21:54:07 -07:00
parent 3a6107d0ab
commit ea7c075273
1 changed files with 117 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
builtin/providers/openstack/resource_openstack_compute_secgroup_v2.go
View File

@ -1,9 +1,11 @@
package openstack package openstack
import ( import (
"bytes"
"fmt" "fmt"
"log" "log"
"github.com/hashicorp/terraform/helper/hashcode"
"github.com/hashicorp/terraform/helper/schema" "github.com/hashicorp/terraform/helper/schema"
"github.com/rackspace/gophercloud" "github.com/rackspace/gophercloud"
"github.com/rackspace/gophercloud/openstack" "github.com/rackspace/gophercloud/openstack"
@ -34,6 +36,40 @@ func resourceComputeSecGroupV2() *schema.Resource {
Required: true, Required: true,
ForceNew: false, ForceNew: false,
}, },
"rules": &schema.Schema{
Type: schema.TypeSet,
Optional: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"from_port": &schema.Schema{
Type: schema.TypeInt,
Required: true,
ForceNew: true,
},
"to_port": &schema.Schema{
Type: schema.TypeInt,
Required: true,
ForceNew: true,
},
"ip_protocol": &schema.Schema{
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
"cidr": &schema.Schema{
Type: schema.TypeString,
Optional: true,
ForceNew: true,
},
"from_group_id": &schema.Schema{
Type: schema.TypeString,
Optional: true,
ForceNew: true,
},
},
},
Set: resourceSecGroupRuleHash,
},
}, },
} }
} }
@ -59,6 +95,14 @@ func resourceComputeSecGroupV2Create(d *schema.ResourceData, meta interface{}) e
d.SetId(sg.ID) d.SetId(sg.ID)
createRuleOptsList := resourceSecGroupRulesV2(d)
for _, createRuleOpts := range createRuleOptsList {
_, err := secgroups.CreateRule(computeClient, createRuleOpts).Extract()
if err != nil {
return fmt.Errorf("Error creating OpenStack security group rule: %s", err)
}
}
return resourceComputeSecGroupV2Read(d, meta) return resourceComputeSecGroupV2Read(d, meta)
} }
@ -79,6 +123,7 @@ func resourceComputeSecGroupV2Read(d *schema.ResourceData, meta interface{}) err
d.Set("region", d.Get("region").(string)) d.Set("region", d.Get("region").(string))
d.Set("name", sg.Name) d.Set("name", sg.Name)
d.Set("description", sg.Description) d.Set("description", sg.Description)
d.Set("rules", sg.Rules)
return nil return nil
} }
@ -104,6 +149,35 @@ func resourceComputeSecGroupV2Update(d *schema.ResourceData, meta interface{}) e
return fmt.Errorf("Error updating OpenStack security group (%s): %s", d.Id(), err) return fmt.Errorf("Error updating OpenStack security group (%s): %s", d.Id(), err)
} }
if d.HasChange("rules") {
oldSGRaw, newSGRaw := d.GetChange("rules")
oldSGRSet, newSGRSet := oldSGRaw.(*schema.Set), newSGRaw.(*schema.Set)
secgrouprulesToAdd := newSGRSet.Difference(oldSGRSet)
secgrouprulesToRemove := oldSGRSet.Difference(newSGRSet)
log.Printf("[DEBUG] Security group rules to add: %v", secgrouprulesToAdd)
log.Printf("[DEBUG] Security groups to remove: %v", secgrouprulesToRemove)
for _, rawRule := range secgrouprulesToAdd.List() {
createRuleOpts := resourceSecGroupRuleV2(d, rawRule)
rule, err := secgroups.CreateRule(computeClient, createRuleOpts).Extract()
if err != nil {
return fmt.Errorf("Error adding rule to OpenStack security group (%s): %s", d.Id(), err)
}
log.Printf("[DEBUG] Added rule (%s) to OpenStack security group (%s) ", rule.ID, d.Id())
}
for _, r := range secgrouprulesToRemove.List() {
rule := r.(secgroups.Rule)
err := secgroups.DeleteRule(computeClient, "").ExtractErr()
if err != nil {
return fmt.Errorf("Error removing rule (%s) from OpenStack security group (%s): %s", rule.ID, d.Id(), err)
}
log.Printf("[DEBUG] Removed rule (%s) from OpenStack security group (%s)", rule.ID, d.Id())
}
}
return resourceComputeSecGroupV2Read(d, meta) return resourceComputeSecGroupV2Read(d, meta)
} }
@ -123,3 +197,46 @@ func resourceComputeSecGroupV2Delete(d *schema.ResourceData, meta interface{}) e
d.SetId("") d.SetId("")
return nil return nil
} }
func resourceSecGroupRuleHash(v interface{}) int {
var buf bytes.Buffer
m := v.(map[string]interface{})
buf.WriteString(fmt.Sprintf("%d-", m["from_port"].(int)))
buf.WriteString(fmt.Sprintf("%d-", m["to_port"].(int)))
buf.WriteString(fmt.Sprintf("%s-", m["ip_protocol"].(string)))
buf.WriteString(fmt.Sprintf("%s-", m["cidr"].(string)))
buf.WriteString(fmt.Sprintf("%s-", m["from_group_id"].(string)))
return hashcode.String(buf.String())
}
func resourceSecGroupRulesV2(d *schema.ResourceData) []secgroups.CreateRuleOpts {
rawRules := (d.Get("rules")).(*schema.Set)
createRuleOptsList := make([]secgroups.CreateRuleOpts, rawRules.Len())
for i, raw := range rawRules.List() {
rawMap := raw.(map[string]interface{})
createRuleOptsList[i] = secgroups.CreateRuleOpts{
ParentGroupID: d.Id(),
FromPort: rawMap["from_port"].(int),
ToPort: rawMap["to_port"].(int),
IPProtocol: rawMap["ip_protocol"].(string),
CIDR: rawMap["cidr"].(string),
FromGroupID: rawMap["from_group_id"].(string),
}
}
return createRuleOptsList
}
func resourceSecGroupRuleV2(d *schema.ResourceData, raw interface{}) secgroups.CreateRuleOpts {
rawMap := raw.(map[string]interface{})
createRuleOpts := secgroups.CreateRuleOpts{
ParentGroupID: d.Id(),
FromPort: rawMap["from_port"].(int),
ToPort: rawMap["to_port"].(int),
IPProtocol: rawMap["ip_protocol"].(string),
CIDR: rawMap["cidr"].(string),
FromGroupID: rawMap["from_group_id"].(string),
}
return createRuleOpts
}