terraform/builtin/providers/opc/resource_security_rule.go


package opc
import (
"fmt"
"github.com/hashicorp/go-oracle-terraform/compute"
"github.com/hashicorp/terraform/helper/schema"
)
// resourceOPCSecurityRule returns the schema.Resource for an OPC security
// rule: the four CRUD handlers, a passthrough importer, and the attribute
// schema.
//
// The importer hands the import ID straight through as the resource ID, and
// the read handler uses that ID as the rule name when querying the API.
func resourceOPCSecurityRule() *schema.Resource {
	// optionalString builds a fresh optional string attribute on every call.
	optionalString := func() *schema.Schema {
		return &schema.Schema{
			Type:     schema.TypeString,
			Optional: true,
		}
	}

	// optionalStringList builds a fresh optional list-of-strings attribute on
	// every call, so no two attributes share an element schema.
	optionalStringList := func() *schema.Schema {
		return &schema.Schema{
			Type:     schema.TypeList,
			Optional: true,
			Elem:     &schema.Schema{Type: schema.TypeString},
		}
	}

	attrs := map[string]*schema.Schema{
		// The rule name doubles as the resource ID; changing it replaces the rule.
		"name": {
			Type:     schema.TypeString,
			Required: true,
			ForceNew: true,
		},
		// NOTE(review): no ValidateFunc here, so an unexpected direction value
		// is only caught (if at all) by the API — confirm the accepted values.
		"flow_direction": {
			Type:     schema.TypeString,
			Required: true,
		},
		"acl": optionalString(),

		// Traffic matchers. All of them are optional.
		// NOTE(review): presumably an omitted prefix list or vNIC set means the
		// rule matches any address / any vNIC on that side — confirm against
		// the OPC API, since that decides how permissive a sparse rule is.
		"dst_ip_address_prefixes": optionalStringList(),
		"src_ip_address_prefixes": optionalStringList(),
		"security_protocols":      optionalStringList(),
		"dst_vnic_set":            optionalString(),
		"src_vnic_set":            optionalString(),

		// Rules are enabled unless the configuration explicitly says otherwise.
		"enabled": {
			Type:     schema.TypeBool,
			Optional: true,
			Default:  true,
		},
		"description": optionalString(),
		"tags":        tagsOptionalSchema(),
		// Populated from the API response on read; never set by the user.
		"uri": {
			Type:     schema.TypeString,
			Computed: true,
		},
	}

	return &schema.Resource{
		Create: resourceOPCSecurityRuleCreate,
		Read:   resourceOPCSecurityRuleRead,
		Update: resourceOPCSecurityRuleUpdate,
		Delete: resourceOPCSecurityRuleDelete,
		Importer: &schema.ResourceImporter{
			State: schema.ImportStatePassthrough,
		},
		Schema: attrs,
	}
}
// resourceOPCSecurityRuleCreate builds a CreateSecurityRuleInput from the
// resource data, creates the rule, stores the returned name as the resource
// ID, and finishes by reading the rule back into state.
//
// Required attributes (name, flow_direction, enabled) are always sent.
// Optional attributes are copied only when they are set / non-empty, so
// anything omitted stays at its zero value in the request.
// NOTE(review): for a security rule an omitted source or destination matcher
// presumably widens what the rule matches — confirm against the OPC API.
func resourceOPCSecurityRuleCreate(d *schema.ResourceData, meta interface{}) error {
	rules := meta.(*compute.Client).SecurityRules()

	req := compute.CreateSecurityRuleInput{
		Name:          d.Get("name").(string),
		FlowDirection: d.Get("flow_direction").(string),
		Enabled:       d.Get("enabled").(bool),
	}

	// Optional scalar attributes.
	if v, ok := d.GetOk("acl"); ok {
		req.ACL = v.(string)
	}
	if v, ok := d.GetOk("src_vnic_set"); ok {
		req.SrcVnicSet = v.(string)
	}
	if v, ok := d.GetOk("dst_vnic_set"); ok {
		req.DstVnicSet = v.(string)
	}

	// Optional list attributes; empty lists are left unset.
	if protocols := getStringList(d, "security_protocols"); len(protocols) > 0 {
		req.SecProtocols = protocols
	}
	if srcPrefixes := getStringList(d, "src_ip_address_prefixes"); len(srcPrefixes) > 0 {
		req.SrcIpAddressPrefixSets = srcPrefixes
	}
	if dstPrefixes := getStringList(d, "dst_ip_address_prefixes"); len(dstPrefixes) > 0 {
		req.DstIpAddressPrefixSets = dstPrefixes
	}
	if tagList := getStringList(d, "tags"); len(tagList) > 0 {
		req.Tags = tagList
	}

	if v, ok := d.GetOk("description"); ok {
		req.Description = v.(string)
	}

	created, err := rules.CreateSecurityRule(&req)
	if err != nil {
		return fmt.Errorf("Error creating Security Rule: %s", err)
	}

	// The name reported by the API becomes the Terraform resource ID.
	d.SetId(created.Name)
	return resourceOPCSecurityRuleRead(d, meta)
}
// resourceOPCSecurityRuleRead fetches the rule named by the resource ID and
// copies its attributes into state.
//
// A not-found error clears the resource ID and returns nil, which drops the
// rule from state so that it is no longer tracked. Any other lookup error is
// returned to the caller. Errors from d.Set on the scalar attributes are not
// checked; errors from setStringList are returned.
func resourceOPCSecurityRuleRead(d *schema.ResourceData, meta interface{}) error {
	rules := meta.(*compute.Client).SecurityRules()

	rule, err := rules.GetSecurityRule(&compute.GetSecurityRuleInput{
		Name: d.Id(),
	})
	if err != nil {
		if !compute.WasNotFoundError(err) {
			return fmt.Errorf("Error reading security rule %s: %s", d.Id(), err)
		}
		// The rule no longer exists remotely: forget it locally.
		d.SetId("")
		return nil
	}

	// Scalar attributes, written in a fixed order.
	scalars := []struct {
		key   string
		value interface{}
	}{
		{"name", rule.Name},
		{"flow_direction", rule.FlowDirection},
		{"enabled", rule.Enabled},
		{"acl", rule.ACL},
		{"src_vnic_set", rule.SrcVnicSet},
		{"dst_vnic_set", rule.DstVnicSet},
		{"description", rule.Description},
		{"uri", rule.Uri},
	}
	for _, attr := range scalars {
		d.Set(attr.key, attr.value)
	}

	// List attributes; the first failure aborts the read.
	if err := setStringList(d, "security_protocols", rule.SecProtocols); err != nil {
		return err
	}
	if err := setStringList(d, "dst_ip_address_prefixes", rule.DstIpAddressPrefixSets); err != nil {
		return err
	}
	if err := setStringList(d, "src_ip_address_prefixes", rule.SrcIpAddressPrefixSets); err != nil {
		return err
	}
	if err := setStringList(d, "tags", rule.Tags); err != nil {
		return err
	}

	return nil
}
// resourceOPCSecurityRuleUpdate rebuilds the whole rule from the resource
// data as an UpdateSecurityRuleInput, sends it, stores the returned name as
// the resource ID, and reads the rule back into state.
//
// Optional attributes are copied only when they are set / non-empty, so an
// attribute removed from the configuration is sent as its zero value.
// NOTE(review): whether that clears the attribute remotely depends on how
// compute.UpdateSecurityRuleInput is serialized — confirm, because a matcher
// that is silently kept or silently dropped changes what traffic the rule
// applies to.
func resourceOPCSecurityRuleUpdate(d *schema.ResourceData, meta interface{}) error {
	rules := meta.(*compute.Client).SecurityRules()

	req := compute.UpdateSecurityRuleInput{
		Name:          d.Get("name").(string),
		FlowDirection: d.Get("flow_direction").(string),
		Enabled:       d.Get("enabled").(bool),
	}

	// Optional scalar attributes.
	if v, ok := d.GetOk("acl"); ok {
		req.ACL = v.(string)
	}
	if v, ok := d.GetOk("src_vnic_set"); ok {
		req.SrcVnicSet = v.(string)
	}
	if v, ok := d.GetOk("dst_vnic_set"); ok {
		req.DstVnicSet = v.(string)
	}

	// Optional list attributes; empty lists are left unset.
	if protocols := getStringList(d, "security_protocols"); len(protocols) > 0 {
		req.SecProtocols = protocols
	}
	if srcPrefixes := getStringList(d, "src_ip_address_prefixes"); len(srcPrefixes) > 0 {
		req.SrcIpAddressPrefixSets = srcPrefixes
	}
	if dstPrefixes := getStringList(d, "dst_ip_address_prefixes"); len(dstPrefixes) > 0 {
		req.DstIpAddressPrefixSets = dstPrefixes
	}
	if tagList := getStringList(d, "tags"); len(tagList) > 0 {
		req.Tags = tagList
	}

	if v, ok := d.GetOk("description"); ok {
		req.Description = v.(string)
	}

	updated, err := rules.UpdateSecurityRule(&req)
	if err != nil {
		return fmt.Errorf("Error updating Security Rule: %s", err)
	}

	d.SetId(updated.Name)
	return resourceOPCSecurityRuleRead(d, meta)
}
// resourceOPCSecurityRuleDelete deletes the rule whose name is the resource
// ID. It returns a wrapped error if the API call fails and nil otherwise.
func resourceOPCSecurityRuleDelete(d *schema.ResourceData, meta interface{}) error {
	rules := meta.(*compute.Client).SecurityRules()

	req := compute.DeleteSecurityRuleInput{Name: d.Id()}
	err := rules.DeleteSecurityRule(&req)
	if err == nil {
		return nil
	}
	return fmt.Errorf("Error deleting Security Rule: %s", err)
}