package openstack import ( "fmt" "log" "time" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/helper/schema" "github.com/gophercloud/gophercloud" "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/attributestags" "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/security/groups" "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/security/rules" ) func resourceNetworkingSecGroupV2() *schema.Resource { return &schema.Resource{ Create: resourceNetworkingSecGroupV2Create, Read: resourceNetworkingSecGroupV2Read, Update: resourceNetworkingSecGroupV2Update, Delete: resourceNetworkingSecGroupV2Delete, Importer: &schema.ResourceImporter{ State: schema.ImportStatePassthrough, }, Timeouts: &schema.ResourceTimeout{ Delete: schema.DefaultTimeout(10 * time.Minute), }, Schema: map[string]*schema.Schema{ "region": { Type: schema.TypeString, Optional: true, Computed: true, ForceNew: true, }, "name": { Type: schema.TypeString, Required: true, }, "description": { Type: schema.TypeString, Optional: true, Computed: true, }, "tenant_id": { Type: schema.TypeString, Optional: true, ForceNew: true, Computed: true, }, "delete_default_rules": { Type: schema.TypeBool, Optional: true, ForceNew: true, }, "tags": { Type: schema.TypeSet, Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, }, "all_tags": { Type: schema.TypeSet, Computed: true, Elem: &schema.Schema{Type: schema.TypeString}, }, }, } } func resourceNetworkingSecGroupV2Create(d *schema.ResourceData, meta interface{}) error { config := meta.(*Config) networkingClient, err := config.networkingV2Client(GetRegion(d, config)) if err != nil { return fmt.Errorf("Error creating OpenStack networking client: %s", err) } opts := groups.CreateOpts{ Name: d.Get("name").(string), Description: d.Get("description").(string), TenantID: d.Get("tenant_id").(string), } log.Printf("[DEBUG] Create OpenStack Neutron Security Group: %#v", opts) security_group, err := groups.Create(networkingClient, opts).Extract() if err != nil { return err } // Delete the default security group rules if it has been requested. deleteDefaultRules := d.Get("delete_default_rules").(bool) if deleteDefaultRules { security_group, err := groups.Get(networkingClient, security_group.ID).Extract() if err != nil { return err } for _, rule := range security_group.Rules { if err := rules.Delete(networkingClient, rule.ID).ExtractErr(); err != nil { return fmt.Errorf( "There was a problem deleting a default security group rule: %s", err) } } } log.Printf("[DEBUG] OpenStack Neutron Security Group created: %#v", security_group) d.SetId(security_group.ID) tags := networkV2AttributesTags(d) if len(tags) > 0 { tagOpts := attributestags.ReplaceAllOpts{Tags: tags} tags, err := attributestags.ReplaceAll(networkingClient, "security-groups", security_group.ID, tagOpts).Extract() if err != nil { return fmt.Errorf("Error creating Tags on SecurityGroup: %s", err) } log.Printf("[DEBUG] Set Tags = %+v on SecurityGroup %+v", tags, security_group.ID) } return resourceNetworkingSecGroupV2Read(d, meta) } func resourceNetworkingSecGroupV2Read(d *schema.ResourceData, meta interface{}) error { log.Printf("[DEBUG] Retrieve information about security group: %s", d.Id()) config := meta.(*Config) networkingClient, err := config.networkingV2Client(GetRegion(d, config)) if err != nil { return fmt.Errorf("Error creating OpenStack networking client: %s", err) } security_group, err := groups.Get(networkingClient, d.Id()).Extract() if err != nil { return CheckDeleted(d, err, "OpenStack Neutron Security group") } d.Set("description", security_group.Description) d.Set("tenant_id", security_group.TenantID) d.Set("name", security_group.Name) d.Set("region", GetRegion(d, config)) networkV2ReadAttributesTags(d, security_group.Tags) return nil } func resourceNetworkingSecGroupV2Update(d *schema.ResourceData, meta interface{}) error { config := meta.(*Config) networkingClient, err := config.networkingV2Client(GetRegion(d, config)) if err != nil { return fmt.Errorf("Error creating OpenStack networking client: %s", err) } var update bool var updateOpts groups.UpdateOpts if d.HasChange("name") { update = true updateOpts.Name = d.Get("name").(string) } if d.HasChange("description") { update = true description := d.Get("description").(string) updateOpts.Description = &description } if update { log.Printf("[DEBUG] Updating SecGroup %s with options: %#v", d.Id(), updateOpts) _, err = groups.Update(networkingClient, d.Id(), updateOpts).Extract() if err != nil { return fmt.Errorf("Error updating OpenStack SecGroup: %s", err) } } if d.HasChange("tags") { tags := networkV2UpdateAttributesTags(d) tagOpts := attributestags.ReplaceAllOpts{Tags: tags} tags, err := attributestags.ReplaceAll(networkingClient, "security-groups", d.Id(), tagOpts).Extract() if err != nil { return fmt.Errorf("Error updating Tags on SecurityGroup: %s", err) } log.Printf("[DEBUG] Updated Tags = %+v on SecurityGroup %+v", tags, d.Id()) } return resourceNetworkingSecGroupV2Read(d, meta) } func resourceNetworkingSecGroupV2Delete(d *schema.ResourceData, meta interface{}) error { log.Printf("[DEBUG] Destroy security group: %s", d.Id()) config := meta.(*Config) networkingClient, err := config.networkingV2Client(GetRegion(d, config)) if err != nil { return fmt.Errorf("Error creating OpenStack networking client: %s", err) } stateConf := &resource.StateChangeConf{ Pending: []string{"ACTIVE"}, Target: []string{"DELETED"}, Refresh: waitForSecGroupDelete(networkingClient, d.Id()), Timeout: d.Timeout(schema.TimeoutDelete), Delay: 5 * time.Second, MinTimeout: 3 * time.Second, } _, err = stateConf.WaitForState() if err != nil { return fmt.Errorf("Error deleting OpenStack Neutron Security Group: %s", err) } d.SetId("") return err } func waitForSecGroupDelete(networkingClient *gophercloud.ServiceClient, secGroupId string) resource.StateRefreshFunc { return func() (interface{}, string, error) { log.Printf("[DEBUG] Attempting to delete OpenStack Security Group %s.\n", secGroupId) r, err := groups.Get(networkingClient, secGroupId).Extract() if err != nil { if _, ok := err.(gophercloud.ErrDefault404); ok { log.Printf("[DEBUG] Successfully deleted OpenStack Neutron Security Group %s", secGroupId) return r, "DELETED", nil } return r, "ACTIVE", err } err = groups.Delete(networkingClient, secGroupId).ExtractErr() if err != nil { if _, ok := err.(gophercloud.ErrDefault404); ok { log.Printf("[DEBUG] Successfully deleted OpenStack Neutron Security Group %s", secGroupId) return r, "DELETED", nil } if errCode, ok := err.(gophercloud.ErrUnexpectedResponseCode); ok { if errCode.Actual == 409 { return r, "ACTIVE", nil } } return r, "ACTIVE", err } log.Printf("[DEBUG] OpenStack Neutron Security Group %s still active.\n", secGroupId) return r, "ACTIVE", nil } }