コード例 #1
0
// resourceAzureSecurityGroupRuleCreate does all the necessary API calls to
// create a new network security group rule on Azure.
func resourceAzureSecurityGroupRuleCreate(d *schema.ResourceData, meta interface{}) error {
	azureClient := meta.(*Client)
	mgmtClient := azureClient.mgmtClient
	secGroupClient := azureClient.secGroupClient

	azureClient.secGroupMutex.Lock()
	defer azureClient.secGroupMutex.Unlock()

	// create and configure the RuleResponse:
	name := d.Get("name").(string)
	rule := netsecgroup.RuleRequest{
		Name:                     name,
		Type:                     netsecgroup.RuleType(d.Get("type").(string)),
		Priority:                 d.Get("priority").(int),
		Action:                   netsecgroup.RuleAction(d.Get("action").(string)),
		SourceAddressPrefix:      d.Get("source_address_prefix").(string),
		SourcePortRange:          d.Get("source_port_range").(string),
		DestinationAddressPrefix: d.Get("destination_address_prefix").(string),
		DestinationPortRange:     d.Get("destination_port_range").(string),
		Protocol:                 netsecgroup.RuleProtocol(d.Get("protocol").(string)),
	}

	// apply the rule to all the necessary network security groups:
	secGroups := d.Get("security_group_names").(*schema.Set).List()
	for _, sg := range secGroups {
		secGroup := sg.(string)

		// send the create request to Azure:
		log.Printf("[INFO] Sending Azure security group rule addition request for security group %q.", secGroup)
		reqID, err := secGroupClient.SetNetworkSecurityGroupRule(
			secGroup,
			rule,
		)
		if err != nil {
			return fmt.Errorf("Error sending Azure network security group rule creation request for security group %q: %s", secGroup, err)
		}
		err = mgmtClient.WaitForOperation(reqID, nil)
		if err != nil {
			return fmt.Errorf("Error creating Azure network security group rule for security group %q: %s", secGroup, err)
		}
	}

	d.SetId(name)
	return nil
}
// resourceAzureSecurityGroupRuleCreate does all the necessary API calls to
// create a new network security group rule on Azure.
func resourceAzureSecurityGroupRuleCreate(d *schema.ResourceData, meta interface{}) error {
	azureClient := meta.(*Client)
	mgmtClient := azureClient.mgmtClient
	secGroupClient := azureClient.secGroupClient

	// create and configure the RuleResponse:
	name := d.Get("name").(string)
	rule := netsecgroup.RuleRequest{
		Name:                     name,
		Type:                     netsecgroup.RuleType(d.Get("type").(string)),
		Priority:                 d.Get("priority").(int),
		Action:                   netsecgroup.RuleAction(d.Get("action").(string)),
		SourceAddressPrefix:      d.Get("source_address_prefix").(string),
		SourcePortRange:          d.Get("source_port_range").(string),
		DestinationAddressPrefix: d.Get("destination_address_prefix").(string),
		DestinationPortRange:     d.Get("destination_port_range").(string),
		Protocol:                 netsecgroup.RuleProtocol(d.Get("protocol").(string)),
	}

	// send the create request to Azure:
	log.Println("[INFO] Sending network security group rule creation request to Azure.")
	reqID, err := secGroupClient.SetNetworkSecurityGroupRule(
		d.Get("security_group_name").(string),
		rule,
	)
	if err != nil {
		return fmt.Errorf("Error sending network security group rule creation request to Azure: %s", err)
	}
	err = mgmtClient.WaitForOperation(reqID, nil)
	if err != nil {
		return fmt.Errorf("Error creating network security group rule on Azure: %s", err)
	}

	d.SetId(name)
	return nil
}
// resourceAzureSecurityGroupRuleUpdate does all the necessary API calls to
// update the state of a network security group ruke off Azure.
func resourceAzureSecurityGroupRuleUpdate(d *schema.ResourceData, meta interface{}) error {
	azureClient := meta.(*Client)
	mgmtClient := azureClient.mgmtClient
	secGroupClient := azureClient.secGroupClient

	secGroupName := d.Get("security_group_name").(string)

	// get info on the network security group and check its rules for this one:
	log.Println("[INFO] Sending network security group rule query for update to Azure.")
	secgroup, err := secGroupClient.GetNetworkSecurityGroup(secGroupName)
	if err != nil {
		if !management.IsResourceNotFoundError(err) {
			return fmt.Errorf("Error issuing network security group rules query: %s", err)
		} else {
			// it meants that the network security group this rule belonged to has
			// been deleted; so we must remove this resource from the schema:
			d.SetId("")
			return nil
		}
	}

	// try and find our security group rule:
	var found bool
	name := d.Get("name").(string)
	for _, rule := range secgroup.Rules {
		if rule.Name == name {
			found = true
		}
	}
	// check is the resource has not been deleted in the meantime:
	if !found {
		// if not; remove the resource:
		d.SetId("")
		return nil
	}

	// else, start building up the rule request struct:
	newRule := netsecgroup.RuleRequest{
		Name:                     d.Get("name").(string),
		Type:                     netsecgroup.RuleType(d.Get("type").(string)),
		Priority:                 d.Get("priority").(int),
		Action:                   netsecgroup.RuleAction(d.Get("action").(string)),
		SourceAddressPrefix:      d.Get("source_address_prefix").(string),
		SourcePortRange:          d.Get("source_port_range").(string),
		DestinationAddressPrefix: d.Get("destination_address_prefix").(string),
		DestinationPortRange:     d.Get("destination_port_range").(string),
		Protocol:                 netsecgroup.RuleProtocol(d.Get("protocol").(string)),
	}

	// send the create request to Azure:
	log.Println("[INFO] Sending network security group rule update request to Azure.")
	reqID, err := secGroupClient.SetNetworkSecurityGroupRule(
		secGroupName,
		newRule,
	)
	if err != nil {
		return fmt.Errorf("Error sending network security group rule update request to Azure: %s", err)
	}
	err = mgmtClient.WaitForOperation(reqID, nil)
	if err != nil {
		return fmt.Errorf("Error updating network security group rule on Azure: %s", err)
	}

	return nil
}
コード例 #4
0
// resourceAzureSecurityGroupRuleUpdate does all the necessary API calls to
// update the state of a network security group rule off Azure.
func resourceAzureSecurityGroupRuleUpdate(d *schema.ResourceData, meta interface{}) error {
	azureClient := meta.(*Client)
	mgmtClient := azureClient.mgmtClient
	secGroupClient := azureClient.secGroupClient

	var found bool
	name := d.Get("name").(string)
	newRule := netsecgroup.RuleRequest{
		Name:                     d.Get("name").(string),
		Type:                     netsecgroup.RuleType(d.Get("type").(string)),
		Priority:                 d.Get("priority").(int),
		Action:                   netsecgroup.RuleAction(d.Get("action").(string)),
		SourceAddressPrefix:      d.Get("source_address_prefix").(string),
		SourcePortRange:          d.Get("source_port_range").(string),
		DestinationAddressPrefix: d.Get("destination_address_prefix").(string),
		DestinationPortRange:     d.Get("destination_port_range").(string),
		Protocol:                 netsecgroup.RuleProtocol(d.Get("protocol").(string)),
	}

	// iterate over all the security groups that should have this rule and
	// update it per security group:
	remaining := schema.NewSet(schema.HashString, nil)
	secGroupNames := d.Get("security_group_names").(*schema.Set).List()
	for _, sg := range secGroupNames {
		secGroupName := sg.(string)

		// get info on the network security group and check its rules for this one:
		log.Printf("[INFO] Sending Azure network security group rule query for security group %q.", secGroupName)
		secgroup, err := secGroupClient.GetNetworkSecurityGroup(secGroupName)
		if err != nil {
			if !management.IsResourceNotFoundError(err) {
				return fmt.Errorf("Error issuing network security group rules query: %s", err)
			} else {
				// it meants that the network security group this rule belonged to has
				// been deleted; so we skip this iteration:
				continue
			}
		}

		// try and find our security group rule:
		for _, rule := range secgroup.Rules {
			if rule.Name == name {
				// note the fact that this rule still applies to this security group:
				found = true
				remaining.Add(secGroupName)

				// and go ahead and update it:
				log.Printf("[INFO] Sending Azure network security group rule update request for security group %q.", secGroupName)
				reqID, err := secGroupClient.SetNetworkSecurityGroupRule(
					secGroupName,
					newRule,
				)
				if err != nil {
					return fmt.Errorf("Error sending Azure network security group rule update request for security group %q: %s", secGroupName, err)
				}
				err = mgmtClient.WaitForOperation(reqID, nil)
				if err != nil {
					return fmt.Errorf("Error updating Azure network security group rule for security group %q: %s", secGroupName, err)
				}

				break
			}
		}
	}

	// check to see if there is any security group still having this rule:
	if !found {
		d.SetId("")
		return nil
	}

	// here; we must update the set of security groups still having this rule:
	d.Set("security_group_names", remaining)

	return nil
}