provider/openstack: Allow any protocol in openstack_fw_rule_v1

This commit allows a protocol of "any" to be used in the firewall rule resource, which will allow any protocol.
10 years ago · d7bd40100c
parent aaff62242d
commit d7bd40100c
3 changed files with 64 additions and 8 deletions
--- a/builtin/providers/openstack/resource_openstack_fw_rule_v1.go
+++ b/builtin/providers/openstack/resource_openstack_fw_rule_v1.go
@ -88,11 +88,12 @@ func resourceFWRuleV1Create(d *schema.ResourceData, meta interface{}) error {

 	enabled := d.Get("enabled").(bool)
 	ipVersion := resourceFWRuleV1DetermineIPVersion(d.Get("ip_version").(int))
+	protocol := resourceFWRuleV1DetermineProtocol(d.Get("protocol").(string))

 	ruleConfiguration := rules.CreateOpts{
 		Name:                 d.Get("name").(string),
 		Description:          d.Get("description").(string),
-		Protocol:             d.Get("protocol").(string),
+		Protocol:             protocol,
 		Action:               d.Get("action").(string),
 		IPVersion:            ipVersion,
 		SourceIPAddress:      d.Get("source_ip_address").(string),
@ -103,11 +104,6 @@ func resourceFWRuleV1Create(d *schema.ResourceData, meta interface{}) error {
 		TenantID:             d.Get("tenant_id").(string),
 	}

-	if v, ok := d.GetOk("ip_version"); ok {
-		ipVersion := resourceFWRuleV1DetermineIPVersion(v.(int))
-		ruleConfiguration.IPVersion = ipVersion
-	}
-
 	log.Printf("[DEBUG] Create firewall rule: %#v", ruleConfiguration)

 	rule, err := rules.Create(networkingClient, ruleConfiguration).Extract()
@ -139,7 +135,6 @@ func resourceFWRuleV1Read(d *schema.ResourceData, meta interface{}) error {

 	log.Printf("[DEBUG] Read OpenStack Firewall Rule %s: %#v", d.Id(), rule)

-	d.Set("protocol", rule.Protocol)
 	d.Set("action", rule.Action)
 	d.Set("name", rule.Name)
 	d.Set("description", rule.Description)
@ -150,6 +145,12 @@ func resourceFWRuleV1Read(d *schema.ResourceData, meta interface{}) error {
 	d.Set("destination_port", rule.DestinationPort)
 	d.Set("enabled", rule.Enabled)

+	if rule.Protocol == "" {
+		d.Set("protocol", "any")
+	} else {
+		d.Set("protocol", rule.Protocol)
+	}
+
 	return nil
 }

@ -259,3 +260,19 @@ func resourceFWRuleV1DetermineIPVersion(ipv int) gophercloud.IPVersion {

 	return ipVersion
 }
+
+func resourceFWRuleV1DetermineProtocol(p string) rules.Protocol {
+	var protocol rules.Protocol
+	switch p {
+	case "any":
+		protocol = rules.ProtocolAny
+	case "icmp":
+		protocol = rules.ProtocolICMP
+	case "tcp":
+		protocol = rules.ProtocolTCP
+	case "udp":
+		protocol = rules.ProtocolUDP
+	}
+
+	return protocol
+}
--- a/builtin/providers/openstack/resource_openstack_fw_rule_v1_test.go
+++ b/builtin/providers/openstack/resource_openstack_fw_rule_v1_test.go
@ -73,6 +73,32 @@ func TestAccFWRuleV1_basic(t *testing.T) {
 	})
 }

+func TestAccFWRuleV1_anyProtocol(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckFWRuleV1Destroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testFirewallRuleAnyProtocol,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckFWRuleV1Exists(
+						"openstack_fw_rule_v1.rule_1",
+						&rules.Rule{
+							Name:            "rule_1",
+							Description:     "Allow any protocol",
+							Protocol:        "",
+							Action:          "allow",
+							IPVersion:       4,
+							SourceIPAddress: "192.168.199.0/24",
+							Enabled:         true,
+						}),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckFWRuleV1Destroy(s *terraform.State) error {

 	config := testAccProvider.Meta().(*Config)
@ -178,3 +204,15 @@ resource "openstack_fw_rule_v1" "accept_test" {
 	enabled = false
 }
 `
+
+const testFirewallRuleAnyProtocol = `
+resource "openstack_fw_rule_v1" "rule_1" {
+	name = "rule_1"
+	description = "Allow any protocol"
+	protocol = "any"
+	action = "allow"
+	ip_version = 4
+	source_ip_address = "192.168.199.0/24"
+	enabled = true
+}
+`
--- a/website/source/docs/providers/openstack/r/fw_rule_v1.html.markdown
+++ b/website/source/docs/providers/openstack/r/fw_rule_v1.html.markdown
@ -39,7 +39,8 @@ The following arguments are supported:
    updates the `description` of an existing firewall rule.

 * `protocol` - (Required) The protocol type on which the firewall rule operates.
-    Changing this updates the `protocol` of an existing firewall rule.
+    Valid values are: `tcp`, `udp`, `icmp`, and `any`. Changing this updates the
+    `protocol` of an existing firewall rule.

 * `action` - (Required) Action to be taken ( must be "allow" or "deny") when the
    firewall rule matches. Changing this updates the `action` of an existing