From 552b0af2016e893919cfa572b20c12496dbea60a Mon Sep 17 00:00:00 2001
From: Guillaume Giamarchi <guillaume.giamarchi@gmail.com>
Date: Mon, 2 Feb 2015 21:36:21 +0100
Subject: [PATCH] Add FWaaS rule resource

---
 .../resource_openstack_fw_rule_v2.go          | 219 ++++++++++++++++++
 1 file changed, 219 insertions(+)
 create mode 100644 builtin/providers/openstack/resource_openstack_fw_rule_v2.go

diff --git a/builtin/providers/openstack/resource_openstack_fw_rule_v2.go b/builtin/providers/openstack/resource_openstack_fw_rule_v2.go
new file mode 100644
index 0000000000..97d8da5684
--- /dev/null
+++ b/builtin/providers/openstack/resource_openstack_fw_rule_v2.go
@@ -0,0 +1,219 @@
+package openstack
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/racker/perigee"
+	"github.com/rackspace/gophercloud/openstack/networking/v2/extensions/fwaas/rules"
+)
+
+func resourceFWRuleV2() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceFirewallRuleCreate,
+		Read:   resourceFirewallRuleRead,
+		Update: resourceFirewallRuleUpdate,
+		Delete: resourceFirewallRuleDelete,
+
+		Schema: map[string]*schema.Schema{
+			"region": &schema.Schema{
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				DefaultFunc: envDefaultFunc("OS_REGION_NAME"),
+			},
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"description": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"protocol": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"action": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"ip_version": &schema.Schema{
+				Type:     schema.TypeInt,
+				Optional: true,
+				Default:  4,
+			},
+			"source_ip_address": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"destination_ip_address": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"source_port": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"destination_port": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"enabled": &schema.Schema{
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  true,
+			},
+		},
+	}
+}
+
+func resourceFirewallRuleCreate(d *schema.ResourceData, meta interface{}) error {
+
+	config := meta.(*Config)
+	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
+	if err != nil {
+		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
+	}
+
+	enabled := d.Get("enabled").(bool)
+
+	ruleConfiguration := rules.CreateOpts{
+		Name:                 d.Get("name").(string),
+		Description:          d.Get("description").(string),
+		Protocol:             d.Get("protocol").(string),
+		Action:               d.Get("action").(string),
+		IPVersion:            d.Get("ip_version").(int),
+		SourceIPAddress:      d.Get("source_ip_address").(string),
+		DestinationIPAddress: d.Get("destination_ip_address").(string),
+		SourcePort:           d.Get("source_port").(string),
+		DestinationPort:      d.Get("destination_port").(string),
+		Enabled:              &enabled,
+	}
+
+	log.Printf("[DEBUG] Create firewall rule: %#v", ruleConfiguration)
+
+	rule, err := rules.Create(networkingClient, ruleConfiguration).Extract()
+
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[DEBUG] Firewall rule with id %s : %#v", rule.ID, rule)
+
+	d.SetId(rule.ID)
+
+	d.Set("name", rule.Name)
+	d.Set("description", rule.Description)
+	d.Set("protocol", rule.Protocol)
+	d.Set("action", rule.Action)
+	d.Set("ip_version", rule.IPVersion)
+	d.Set("source_ip_address", rule.SourceIPAddress)
+	d.Set("destination_ip_address", rule.DestinationIPAddress)
+	d.Set("source_port", rule.SourcePort)
+	d.Set("destination_port", rule.DestinationPort)
+	d.Set("enabled", rule.Enabled)
+
+	return nil
+}
+
+func resourceFirewallRuleRead(d *schema.ResourceData, meta interface{}) error {
+	log.Printf("[DEBUG] Retrieve information about firewall rule: %s", d.Id())
+
+	config := meta.(*Config)
+	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
+	if err != nil {
+		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
+	}
+
+	rule, err := rules.Get(networkingClient, d.Id()).Extract()
+
+	if err != nil {
+		httpError, ok := err.(*perigee.UnexpectedResponseCodeError)
+		if !ok {
+			return err
+		}
+		if httpError.Actual == 404 {
+			d.SetId("")
+			return nil
+		}
+		return err
+	}
+
+	d.Set("name", rule.Name)
+	d.Set("description", rule.Description)
+	d.Set("protocol", rule.Protocol)
+	d.Set("action", rule.Action)
+	d.Set("ip_version", rule.IPVersion)
+	d.Set("source_ip_address", rule.SourceIPAddress)
+	d.Set("destination_ip_address", rule.DestinationIPAddress)
+	d.Set("source_port", rule.SourcePort)
+	d.Set("destination_port", rule.DestinationPort)
+	d.Set("enabled", rule.Enabled)
+
+	return nil
+}
+
+func resourceFirewallRuleUpdate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
+	if err != nil {
+		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
+	}
+
+	opts := rules.UpdateOpts{}
+
+	if d.HasChange("name") {
+		name := d.Get("name").(string)
+		opts.Name = &name
+	}
+	if d.HasChange("description") {
+		description := d.Get("description").(string)
+		opts.Description = &description
+	}
+	if d.HasChange("protocol") {
+		opts.Protocol = d.Get("protocol").(string)
+	}
+	if d.HasChange("action") {
+		opts.Action = d.Get("action").(string)
+	}
+	if d.HasChange("ip_version") {
+		opts.IPVersion = d.Get("ip_version").(int)
+	}
+	if d.HasChange("source_ip_address") {
+		sourceIPAddress := d.Get("source_ip_address").(string)
+		opts.SourceIPAddress = &sourceIPAddress
+	}
+	if d.HasChange("destination_ip_address") {
+		destinationIPAddress := d.Get("destination_ip_address").(string)
+		opts.DestinationIPAddress = &destinationIPAddress
+	}
+	if d.HasChange("source_port") {
+		sourcePort := d.Get("source_port").(string)
+		opts.SourcePort = &sourcePort
+	}
+	if d.HasChange("destination_port") {
+		destinationPort := d.Get("destination_port").(string)
+		opts.DestinationPort = &destinationPort
+	}
+	if d.HasChange("enabled") {
+		enabled := d.Get("enabled").(bool)
+		opts.Enabled = &enabled
+	}
+
+	log.Printf("[DEBUG] Updating firewall rules: %#v", opts)
+
+	return rules.Update(networkingClient, d.Id(), opts).Err
+}
+
+func resourceFirewallRuleDelete(d *schema.ResourceData, meta interface{}) error {
+	log.Printf("[DEBUG] Destroy firewall rule: %s", d.Id())
+
+	config := meta.(*Config)
+	networkingClient, err := config.networkingV2Client(d.Get("region").(string))
+	if err != nil {
+		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
+	}
+	return rules.Delete(networkingClient, d.Id()).Err
+}