250 lines
7.2 KiB
Go
250 lines
7.2 KiB
Go
package openstack
|
|
|
|
import (
|
|
"fmt"
|
|
"log"
|
|
"time"
|
|
|
|
"github.com/hashicorp/terraform/helper/resource"
|
|
"github.com/hashicorp/terraform/helper/schema"
|
|
|
|
"github.com/gophercloud/gophercloud"
|
|
"github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/attributestags"
|
|
"github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/security/groups"
|
|
"github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/security/rules"
|
|
)
|
|
|
|
func resourceNetworkingSecGroupV2() *schema.Resource {
|
|
return &schema.Resource{
|
|
Create: resourceNetworkingSecGroupV2Create,
|
|
Read: resourceNetworkingSecGroupV2Read,
|
|
Update: resourceNetworkingSecGroupV2Update,
|
|
Delete: resourceNetworkingSecGroupV2Delete,
|
|
Importer: &schema.ResourceImporter{
|
|
State: schema.ImportStatePassthrough,
|
|
},
|
|
|
|
Timeouts: &schema.ResourceTimeout{
|
|
Delete: schema.DefaultTimeout(10 * time.Minute),
|
|
},
|
|
|
|
Schema: map[string]*schema.Schema{
|
|
"region": {
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
Computed: true,
|
|
ForceNew: true,
|
|
},
|
|
"name": {
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
},
|
|
"description": {
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
Computed: true,
|
|
},
|
|
"tenant_id": {
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
ForceNew: true,
|
|
Computed: true,
|
|
},
|
|
"delete_default_rules": {
|
|
Type: schema.TypeBool,
|
|
Optional: true,
|
|
ForceNew: true,
|
|
},
|
|
"tags": {
|
|
Type: schema.TypeSet,
|
|
Optional: true,
|
|
Elem: &schema.Schema{Type: schema.TypeString},
|
|
},
|
|
"all_tags": {
|
|
Type: schema.TypeSet,
|
|
Computed: true,
|
|
Elem: &schema.Schema{Type: schema.TypeString},
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
func resourceNetworkingSecGroupV2Create(d *schema.ResourceData, meta interface{}) error {
|
|
|
|
config := meta.(*Config)
|
|
networkingClient, err := config.networkingV2Client(GetRegion(d, config))
|
|
if err != nil {
|
|
return fmt.Errorf("Error creating OpenStack networking client: %s", err)
|
|
}
|
|
|
|
opts := groups.CreateOpts{
|
|
Name: d.Get("name").(string),
|
|
Description: d.Get("description").(string),
|
|
TenantID: d.Get("tenant_id").(string),
|
|
}
|
|
|
|
log.Printf("[DEBUG] Create OpenStack Neutron Security Group: %#v", opts)
|
|
|
|
security_group, err := groups.Create(networkingClient, opts).Extract()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// Delete the default security group rules if it has been requested.
|
|
deleteDefaultRules := d.Get("delete_default_rules").(bool)
|
|
if deleteDefaultRules {
|
|
security_group, err := groups.Get(networkingClient, security_group.ID).Extract()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
for _, rule := range security_group.Rules {
|
|
if err := rules.Delete(networkingClient, rule.ID).ExtractErr(); err != nil {
|
|
return fmt.Errorf(
|
|
"There was a problem deleting a default security group rule: %s", err)
|
|
}
|
|
}
|
|
}
|
|
|
|
log.Printf("[DEBUG] OpenStack Neutron Security Group created: %#v", security_group)
|
|
|
|
d.SetId(security_group.ID)
|
|
|
|
tags := networkV2AttributesTags(d)
|
|
if len(tags) > 0 {
|
|
tagOpts := attributestags.ReplaceAllOpts{Tags: tags}
|
|
tags, err := attributestags.ReplaceAll(networkingClient, "security-groups", security_group.ID, tagOpts).Extract()
|
|
if err != nil {
|
|
return fmt.Errorf("Error creating Tags on SecurityGroup: %s", err)
|
|
}
|
|
log.Printf("[DEBUG] Set Tags = %+v on SecurityGroup %+v", tags, security_group.ID)
|
|
}
|
|
|
|
return resourceNetworkingSecGroupV2Read(d, meta)
|
|
}
|
|
|
|
func resourceNetworkingSecGroupV2Read(d *schema.ResourceData, meta interface{}) error {
|
|
log.Printf("[DEBUG] Retrieve information about security group: %s", d.Id())
|
|
|
|
config := meta.(*Config)
|
|
networkingClient, err := config.networkingV2Client(GetRegion(d, config))
|
|
if err != nil {
|
|
return fmt.Errorf("Error creating OpenStack networking client: %s", err)
|
|
}
|
|
|
|
security_group, err := groups.Get(networkingClient, d.Id()).Extract()
|
|
|
|
if err != nil {
|
|
return CheckDeleted(d, err, "OpenStack Neutron Security group")
|
|
}
|
|
|
|
d.Set("description", security_group.Description)
|
|
d.Set("tenant_id", security_group.TenantID)
|
|
d.Set("name", security_group.Name)
|
|
d.Set("region", GetRegion(d, config))
|
|
|
|
networkV2ReadAttributesTags(d, security_group.Tags)
|
|
|
|
return nil
|
|
}
|
|
|
|
func resourceNetworkingSecGroupV2Update(d *schema.ResourceData, meta interface{}) error {
|
|
config := meta.(*Config)
|
|
networkingClient, err := config.networkingV2Client(GetRegion(d, config))
|
|
if err != nil {
|
|
return fmt.Errorf("Error creating OpenStack networking client: %s", err)
|
|
}
|
|
|
|
var update bool
|
|
var updateOpts groups.UpdateOpts
|
|
|
|
if d.HasChange("name") {
|
|
update = true
|
|
updateOpts.Name = d.Get("name").(string)
|
|
}
|
|
|
|
if d.HasChange("description") {
|
|
update = true
|
|
description := d.Get("description").(string)
|
|
updateOpts.Description = &description
|
|
}
|
|
|
|
if update {
|
|
log.Printf("[DEBUG] Updating SecGroup %s with options: %#v", d.Id(), updateOpts)
|
|
_, err = groups.Update(networkingClient, d.Id(), updateOpts).Extract()
|
|
if err != nil {
|
|
return fmt.Errorf("Error updating OpenStack SecGroup: %s", err)
|
|
}
|
|
}
|
|
|
|
if d.HasChange("tags") {
|
|
tags := networkV2UpdateAttributesTags(d)
|
|
tagOpts := attributestags.ReplaceAllOpts{Tags: tags}
|
|
tags, err := attributestags.ReplaceAll(networkingClient, "security-groups", d.Id(), tagOpts).Extract()
|
|
if err != nil {
|
|
return fmt.Errorf("Error updating Tags on SecurityGroup: %s", err)
|
|
}
|
|
log.Printf("[DEBUG] Updated Tags = %+v on SecurityGroup %+v", tags, d.Id())
|
|
}
|
|
|
|
return resourceNetworkingSecGroupV2Read(d, meta)
|
|
}
|
|
|
|
func resourceNetworkingSecGroupV2Delete(d *schema.ResourceData, meta interface{}) error {
|
|
log.Printf("[DEBUG] Destroy security group: %s", d.Id())
|
|
|
|
config := meta.(*Config)
|
|
networkingClient, err := config.networkingV2Client(GetRegion(d, config))
|
|
if err != nil {
|
|
return fmt.Errorf("Error creating OpenStack networking client: %s", err)
|
|
}
|
|
|
|
stateConf := &resource.StateChangeConf{
|
|
Pending: []string{"ACTIVE"},
|
|
Target: []string{"DELETED"},
|
|
Refresh: waitForSecGroupDelete(networkingClient, d.Id()),
|
|
Timeout: d.Timeout(schema.TimeoutDelete),
|
|
Delay: 5 * time.Second,
|
|
MinTimeout: 3 * time.Second,
|
|
}
|
|
|
|
_, err = stateConf.WaitForState()
|
|
if err != nil {
|
|
return fmt.Errorf("Error deleting OpenStack Neutron Security Group: %s", err)
|
|
}
|
|
|
|
d.SetId("")
|
|
return err
|
|
}
|
|
|
|
func waitForSecGroupDelete(networkingClient *gophercloud.ServiceClient, secGroupId string) resource.StateRefreshFunc {
|
|
return func() (interface{}, string, error) {
|
|
log.Printf("[DEBUG] Attempting to delete OpenStack Security Group %s.\n", secGroupId)
|
|
|
|
r, err := groups.Get(networkingClient, secGroupId).Extract()
|
|
if err != nil {
|
|
if _, ok := err.(gophercloud.ErrDefault404); ok {
|
|
log.Printf("[DEBUG] Successfully deleted OpenStack Neutron Security Group %s", secGroupId)
|
|
return r, "DELETED", nil
|
|
}
|
|
return r, "ACTIVE", err
|
|
}
|
|
|
|
err = groups.Delete(networkingClient, secGroupId).ExtractErr()
|
|
if err != nil {
|
|
if _, ok := err.(gophercloud.ErrDefault404); ok {
|
|
log.Printf("[DEBUG] Successfully deleted OpenStack Neutron Security Group %s", secGroupId)
|
|
return r, "DELETED", nil
|
|
}
|
|
if errCode, ok := err.(gophercloud.ErrUnexpectedResponseCode); ok {
|
|
if errCode.Actual == 409 {
|
|
return r, "ACTIVE", nil
|
|
}
|
|
}
|
|
return r, "ACTIVE", err
|
|
}
|
|
|
|
log.Printf("[DEBUG] OpenStack Neutron Security Group %s still active.\n", secGroupId)
|
|
return r, "ACTIVE", nil
|
|
}
|
|
}
|