terraform/builtin/providers/opc/resource_security_rule.go

package opc

import (
	"fmt"

	"github.com/hashicorp/go-oracle-terraform/compute"
	"github.com/hashicorp/terraform/helper/schema"
)

func resourceOPCSecurityRule() *schema.Resource {
	return &schema.Resource{
		Create: resourceOPCSecurityRuleCreate,
		Read:   resourceOPCSecurityRuleRead,
		Update: resourceOPCSecurityRuleUpdate,
		Delete: resourceOPCSecurityRuleDelete,
		Importer: &schema.ResourceImporter{
			State: schema.ImportStatePassthrough,
		},

		Schema: map[string]*schema.Schema{
			"name": {
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
			"flow_direction": {
				Type:     schema.TypeString,
				Required: true,
			},
			"acl": {
				Type:     schema.TypeString,
				Optional: true,
			},
			"dst_ip_address_prefixes": {
				Type:     schema.TypeList,
				Optional: true,
				Elem:     &schema.Schema{Type: schema.TypeString},
			},
			"src_ip_address_prefixes": {
				Type:     schema.TypeList,
				Optional: true,
				Elem:     &schema.Schema{Type: schema.TypeString},
			},
			"security_protocols": {
				Type:     schema.TypeList,
				Optional: true,
				Elem:     &schema.Schema{Type: schema.TypeString},
			},
			"dst_vnic_set": {
				Type:     schema.TypeString,
				Optional: true,
			},
			"src_vnic_set": {
				Type:     schema.TypeString,
				Optional: true,
			},
			"enabled": {
				Type:     schema.TypeBool,
				Optional: true,
				Default:  true,
			},
			"description": {
				Type:     schema.TypeString,
				Optional: true,
			},
			"tags": tagsOptionalSchema(),
			"uri": {
				Type:     schema.TypeString,
				Computed: true,
			},
		},
	}
}

func resourceOPCSecurityRuleCreate(d *schema.ResourceData, meta interface{}) error {
	client := meta.(*compute.Client).SecurityRules()
	input := compute.CreateSecurityRuleInput{
		Name:          d.Get("name").(string),
		FlowDirection: d.Get("flow_direction").(string),
		Enabled:       d.Get("enabled").(bool),
	}

	if acl, ok := d.GetOk("acl"); ok {
		input.ACL = acl.(string)
	}

	if srcVNicSet, ok := d.GetOk("src_vnic_set"); ok {
		input.SrcVnicSet = srcVNicSet.(string)
	}

	if dstVNicSet, ok := d.GetOk("dst_vnic_set"); ok {
		input.DstVnicSet = dstVNicSet.(string)
	}

	securityProtocols := getStringList(d, "security_protocols")
	if len(securityProtocols) != 0 {
		input.SecProtocols = securityProtocols
	}

	srcIPAdressPrefixes := getStringList(d, "src_ip_address_prefixes")
	if len(srcIPAdressPrefixes) != 0 {
		input.SrcIpAddressPrefixSets = srcIPAdressPrefixes
	}

	dstIPAdressPrefixes := getStringList(d, "dst_ip_address_prefixes")
	if len(dstIPAdressPrefixes) != 0 {
		input.DstIpAddressPrefixSets = dstIPAdressPrefixes
	}

	tags := getStringList(d, "tags")
	if len(tags) != 0 {
		input.Tags = tags
	}

	if description, ok := d.GetOk("description"); ok {
		input.Description = description.(string)
	}

	info, err := client.CreateSecurityRule(&input)
	if err != nil {
		return fmt.Errorf("Error creating Security Rule: %s", err)
	}

	d.SetId(info.Name)
	return resourceOPCSecurityRuleRead(d, meta)
}

func resourceOPCSecurityRuleRead(d *schema.ResourceData, meta interface{}) error {
	client := meta.(*compute.Client).SecurityRules()

	getInput := compute.GetSecurityRuleInput{
		Name: d.Id(),
	}
	result, err := client.GetSecurityRule(&getInput)
	if err != nil {
		// SecurityRule does not exist
		if compute.WasNotFoundError(err) {
			d.SetId("")
			return nil
		}
		return fmt.Errorf("Error reading security rule %s: %s", d.Id(), err)
	}

	d.Set("name", result.Name)
	d.Set("flow_direction", result.FlowDirection)
	d.Set("enabled", result.Enabled)
	d.Set("acl", result.ACL)
	d.Set("src_vnic_set", result.SrcVnicSet)
	d.Set("dst_vnic_set", result.DstVnicSet)
	d.Set("description", result.Description)
	d.Set("uri", result.Uri)

	if err := setStringList(d, "security_protocols", result.SecProtocols); err != nil {
		return err
	}
	if err := setStringList(d, "dst_ip_address_prefixes", result.DstIpAddressPrefixSets); err != nil {
		return err
	}
	if err := setStringList(d, "src_ip_address_prefixes", result.SrcIpAddressPrefixSets); err != nil {
		return err
	}
	if err := setStringList(d, "tags", result.Tags); err != nil {
		return err
	}
	return nil
}

func resourceOPCSecurityRuleUpdate(d *schema.ResourceData, meta interface{}) error {
	client := meta.(*compute.Client).SecurityRules()
	input := compute.UpdateSecurityRuleInput{
		Name:          d.Get("name").(string),
		FlowDirection: d.Get("flow_direction").(string),
		Enabled:       d.Get("enabled").(bool),
	}

	if acl, ok := d.GetOk("acl"); ok {
		input.ACL = acl.(string)
	}

	if srcVNicSet, ok := d.GetOk("src_vnic_set"); ok {
		input.SrcVnicSet = srcVNicSet.(string)
	}

	if dstVNicSet, ok := d.GetOk("dst_vnic_set"); ok {
		input.DstVnicSet = dstVNicSet.(string)
	}

	securityProtocols := getStringList(d, "security_protocols")
	if len(securityProtocols) != 0 {
		input.SecProtocols = securityProtocols
	}

	srcIPAdressPrefixes := getStringList(d, "src_ip_address_prefixes")
	if len(srcIPAdressPrefixes) != 0 {
		input.SrcIpAddressPrefixSets = srcIPAdressPrefixes
	}

	dstIPAdressPrefixes := getStringList(d, "dst_ip_address_prefixes")
	if len(dstIPAdressPrefixes) != 0 {
		input.DstIpAddressPrefixSets = dstIPAdressPrefixes
	}

	tags := getStringList(d, "tags")
	if len(tags) != 0 {
		input.Tags = tags
	}

	if description, ok := d.GetOk("description"); ok {
		input.Description = description.(string)
	}
	info, err := client.UpdateSecurityRule(&input)
	if err != nil {
		return fmt.Errorf("Error updating Security Rule: %s", err)
	}

	d.SetId(info.Name)
	return resourceOPCSecurityRuleRead(d, meta)
}

func resourceOPCSecurityRuleDelete(d *schema.ResourceData, meta interface{}) error {
	client := meta.(*compute.Client).SecurityRules()
	name := d.Id()

	input := compute.DeleteSecurityRuleInput{
		Name: name,
	}
	if err := client.DeleteSecurityRule(&input); err != nil {
		return fmt.Errorf("Error deleting Security Rule: %s", err)
	}
	return nil
}