package openstack import ( "fmt" "testing" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/security/groups" "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/security/rules" ) func TestAccNetworkingV2SecGroupRule_basic(t *testing.T) { var secgroup_1 groups.SecGroup var secgroup_2 groups.SecGroup var secgroup_rule_1 rules.SecGroupRule var secgroup_rule_2 rules.SecGroupRule resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, CheckDestroy: testAccCheckNetworkingV2SecGroupRuleDestroy, Steps: []resource.TestStep{ resource.TestStep{ Config: testAccNetworkingV2SecGroupRule_basic, Check: resource.ComposeTestCheckFunc( testAccCheckNetworkingV2SecGroupExists( "openstack_networking_secgroup_v2.secgroup_1", &secgroup_1), testAccCheckNetworkingV2SecGroupExists( "openstack_networking_secgroup_v2.secgroup_2", &secgroup_2), testAccCheckNetworkingV2SecGroupRuleExists( "openstack_networking_secgroup_rule_v2.secgroup_rule_1", &secgroup_rule_1), testAccCheckNetworkingV2SecGroupRuleExists( "openstack_networking_secgroup_rule_v2.secgroup_rule_2", &secgroup_rule_2), ), }, }, }) } func TestAccNetworkingV2SecGroupRule_lowerCaseCIDR(t *testing.T) { var secgroup_1 groups.SecGroup var secgroup_rule_1 rules.SecGroupRule resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, CheckDestroy: testAccCheckNetworkingV2SecGroupRuleDestroy, Steps: []resource.TestStep{ resource.TestStep{ Config: testAccNetworkingV2SecGroupRule_lowerCaseCIDR, Check: resource.ComposeTestCheckFunc( testAccCheckNetworkingV2SecGroupExists( "openstack_networking_secgroup_v2.secgroup_1", &secgroup_1), testAccCheckNetworkingV2SecGroupRuleExists( "openstack_networking_secgroup_rule_v2.secgroup_rule_1", &secgroup_rule_1), resource.TestCheckResourceAttr( "openstack_networking_secgroup_rule_v2.secgroup_rule_1", "remote_ip_prefix", "2001:558:fc00::/39"), ), }, }, }) } func testAccCheckNetworkingV2SecGroupRuleDestroy(s *terraform.State) error { config := testAccProvider.Meta().(*Config) networkingClient, err := config.networkingV2Client(OS_REGION_NAME) if err != nil { return fmt.Errorf("Error creating OpenStack networking client: %s", err) } for _, rs := range s.RootModule().Resources { if rs.Type != "openstack_networking_secgroup_rule_v2" { continue } _, err := rules.Get(networkingClient, rs.Primary.ID).Extract() if err == nil { return fmt.Errorf("Security group rule still exists") } } return nil } func testAccCheckNetworkingV2SecGroupRuleExists(n string, security_group_rule *rules.SecGroupRule) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[n] if !ok { return fmt.Errorf("Not found: %s", n) } if rs.Primary.ID == "" { return fmt.Errorf("No ID is set") } config := testAccProvider.Meta().(*Config) networkingClient, err := config.networkingV2Client(OS_REGION_NAME) if err != nil { return fmt.Errorf("Error creating OpenStack networking client: %s", err) } found, err := rules.Get(networkingClient, rs.Primary.ID).Extract() if err != nil { return err } if found.ID != rs.Primary.ID { return fmt.Errorf("Security group rule not found") } *security_group_rule = *found return nil } } const testAccNetworkingV2SecGroupRule_basic = ` resource "openstack_networking_secgroup_v2" "secgroup_1" { name = "secgroup_1" description = "terraform security group rule acceptance test" } resource "openstack_networking_secgroup_v2" "secgroup_2" { name = "secgroup_2" description = "terraform security group rule acceptance test" } resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_1" { direction = "ingress" ethertype = "IPv4" port_range_max = 22 port_range_min = 22 protocol = "tcp" remote_ip_prefix = "0.0.0.0/0" security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}" } resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_2" { direction = "ingress" ethertype = "IPv4" port_range_max = 80 port_range_min = 80 protocol = "tcp" remote_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}" security_group_id = "${openstack_networking_secgroup_v2.secgroup_2.id}" } ` const testAccNetworkingV2SecGroupRule_lowerCaseCIDR = ` resource "openstack_networking_secgroup_v2" "secgroup_1" { name = "secgroup_1" description = "terraform security group rule acceptance test" } resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_1" { direction = "ingress" ethertype = "IPv6" port_range_max = 22 port_range_min = 22 protocol = "tcp" remote_ip_prefix = "2001:558:FC00::/39" security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}" } `