mirror of
synced 2025-02-25 18:45:20 -06:00
* provider/openstack: Detect Region for Importing Resources This commit changes the way the OpenStack region is detected and set. Any time a region is required, the region attribute will first be checked. Next, the OS_REGION_NAME environment variable will be checked. While schema.EnvDefaultFunc handles this same situation, it is not applicable when importing resources. * provider/openstack: No longer ignore region in importing tests * provider/openstack: Network and Subnet Import Fixes This commit fixes the OpenStack Network and Subnet resources so that importing of those resources is successful.
289 lines
7.0 KiB
289 lines
7.0 KiB
package openstack
import (
func resourceFWRuleV1() *schema.Resource {
return &schema.Resource{
Create: resourceFWRuleV1Create,
Read: resourceFWRuleV1Read,
Update: resourceFWRuleV1Update,
Delete: resourceFWRuleV1Delete,
Importer: &schema.ResourceImporter{
State: schema.ImportStatePassthrough,
Schema: map[string]*schema.Schema{
"region": &schema.Schema{
Type: schema.TypeString,
Required: true,
ForceNew: true,
DefaultFunc: schema.EnvDefaultFunc("OS_REGION_NAME", ""),
"name": &schema.Schema{
Type: schema.TypeString,
Optional: true,
"description": &schema.Schema{
Type: schema.TypeString,
Optional: true,
"protocol": &schema.Schema{
Type: schema.TypeString,
Required: true,
"action": &schema.Schema{
Type: schema.TypeString,
Required: true,
"ip_version": &schema.Schema{
Type: schema.TypeInt,
Optional: true,
Default: 4,
"source_ip_address": &schema.Schema{
Type: schema.TypeString,
Optional: true,
"destination_ip_address": &schema.Schema{
Type: schema.TypeString,
Optional: true,
"source_port": &schema.Schema{
Type: schema.TypeString,
Optional: true,
"destination_port": &schema.Schema{
Type: schema.TypeString,
Optional: true,
"enabled": &schema.Schema{
Type: schema.TypeBool,
Optional: true,
Default: true,
"tenant_id": &schema.Schema{
Type: schema.TypeString,
Optional: true,
ForceNew: true,
"value_specs": &schema.Schema{
Type: schema.TypeMap,
Optional: true,
ForceNew: true,
func resourceFWRuleV1Create(d *schema.ResourceData, meta interface{}) error {
config := meta.(*Config)
networkingClient, err := config.networkingV2Client(GetRegion(d))
if err != nil {
return fmt.Errorf("Error creating OpenStack networking client: %s", err)
enabled := d.Get("enabled").(bool)
ipVersion := resourceFWRuleV1DetermineIPVersion(d.Get("ip_version").(int))
protocol := resourceFWRuleV1DetermineProtocol(d.Get("protocol").(string))
ruleConfiguration := RuleCreateOpts{
Name: d.Get("name").(string),
Description: d.Get("description").(string),
Protocol: protocol,
Action: d.Get("action").(string),
IPVersion: ipVersion,
SourceIPAddress: d.Get("source_ip_address").(string),
DestinationIPAddress: d.Get("destination_ip_address").(string),
SourcePort: d.Get("source_port").(string),
DestinationPort: d.Get("destination_port").(string),
Enabled: &enabled,
TenantID: d.Get("tenant_id").(string),
log.Printf("[DEBUG] Create firewall rule: %#v", ruleConfiguration)
rule, err := rules.Create(networkingClient, ruleConfiguration).Extract()
if err != nil {
return err
log.Printf("[DEBUG] Firewall rule with id %s : %#v", rule.ID, rule)
return resourceFWRuleV1Read(d, meta)
func resourceFWRuleV1Read(d *schema.ResourceData, meta interface{}) error {
log.Printf("[DEBUG] Retrieve information about firewall rule: %s", d.Id())
config := meta.(*Config)
networkingClient, err := config.networkingV2Client(GetRegion(d))
if err != nil {
return fmt.Errorf("Error creating OpenStack networking client: %s", err)
rule, err := rules.Get(networkingClient, d.Id()).Extract()
if err != nil {
return CheckDeleted(d, err, "FW rule")
log.Printf("[DEBUG] Read OpenStack Firewall Rule %s: %#v", d.Id(), rule)
d.Set("action", rule.Action)
d.Set("name", rule.Name)
d.Set("description", rule.Description)
d.Set("ip_version", rule.IPVersion)
d.Set("source_ip_address", rule.SourceIPAddress)
d.Set("destination_ip_address", rule.DestinationIPAddress)
d.Set("source_port", rule.SourcePort)
d.Set("destination_port", rule.DestinationPort)
d.Set("enabled", rule.Enabled)
if rule.Protocol == "" {
d.Set("protocol", "any")
} else {
d.Set("protocol", rule.Protocol)
d.Set("region", GetRegion(d))
return nil
func resourceFWRuleV1Update(d *schema.ResourceData, meta interface{}) error {
config := meta.(*Config)
networkingClient, err := config.networkingV2Client(GetRegion(d))
if err != nil {
return fmt.Errorf("Error creating OpenStack networking client: %s", err)
opts := rules.UpdateOpts{}
if d.HasChange("name") {
v := d.Get("name").(string)
opts.Name = &v
if d.HasChange("description") {
v := d.Get("description").(string)
opts.Description = &v
if d.HasChange("protocol") {
v := d.Get("protocol").(string)
opts.Protocol = &v
if d.HasChange("action") {
v := d.Get("action").(string)
opts.Action = &v
if d.HasChange("ip_version") {
v := d.Get("ip_version").(int)
ipVersion := resourceFWRuleV1DetermineIPVersion(v)
opts.IPVersion = &ipVersion
if d.HasChange("source_ip_address") {
v := d.Get("source_ip_address").(string)
opts.SourceIPAddress = &v
if d.HasChange("destination_ip_address") {
v := d.Get("destination_ip_address").(string)
opts.DestinationIPAddress = &v
if d.HasChange("source_port") {
v := d.Get("source_port").(string)
opts.SourcePort = &v
if d.HasChange("destination_port") {
v := d.Get("destination_port").(string)
opts.DestinationPort = &v
if d.HasChange("enabled") {
v := d.Get("enabled").(bool)
opts.Enabled = &v
log.Printf("[DEBUG] Updating firewall rules: %#v", opts)
err = rules.Update(networkingClient, d.Id(), opts).Err
if err != nil {
return err
return resourceFWRuleV1Read(d, meta)
func resourceFWRuleV1Delete(d *schema.ResourceData, meta interface{}) error {
log.Printf("[DEBUG] Destroy firewall rule: %s", d.Id())
config := meta.(*Config)
networkingClient, err := config.networkingV2Client(GetRegion(d))
if err != nil {
return fmt.Errorf("Error creating OpenStack networking client: %s", err)
rule, err := rules.Get(networkingClient, d.Id()).Extract()
if err != nil {
return err
if rule.PolicyID != "" {
_, err := policies.RemoveRule(networkingClient, rule.PolicyID, rule.ID).Extract()
if err != nil {
return err
return rules.Delete(networkingClient, d.Id()).Err
func resourceFWRuleV1DetermineIPVersion(ipv int) gophercloud.IPVersion {
// Determine the IP Version
var ipVersion gophercloud.IPVersion
switch ipv {
case 4:
ipVersion = gophercloud.IPv4
case 6:
ipVersion = gophercloud.IPv6
return ipVersion
func resourceFWRuleV1DetermineProtocol(p string) rules.Protocol {
var protocol rules.Protocol
switch p {
case "any":
protocol = rules.ProtocolAny
case "icmp":
protocol = rules.ProtocolICMP
case "tcp":
protocol = rules.ProtocolTCP
case "udp":
protocol = rules.ProtocolUDP
return protocol