// resourceFWRuleV1Read refreshes the Terraform state of a firewall rule.
//
// It fetches the rule identified by d.Id() through the networking client for
// the resource's "region" and copies the returned attributes into d. A failed
// lookup is handed to CheckDeleted together with d. An empty protocol in the
// API response is stored as "any".
func resourceFWRuleV1Read(d *schema.ResourceData, meta interface{}) error {
	log.Printf("[DEBUG] Retrieve information about firewall rule: %s", d.Id())

	cfg := meta.(*Config)
	region := d.Get("region").(string)
	networkingClient, err := cfg.networkingV2Client(region)
	if err != nil {
		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
	}

	rule, err := rules.Get(networkingClient, d.Id()).Extract()
	if err != nil {
		return CheckDeleted(d, err, "FW rule")
	}

	log.Printf("[DEBUG] Read OpenStack Firewall Rule %s: %#v", d.Id(), rule)

	// Attributes copied verbatim from the API response, in the order they are
	// written to state. The return value of d.Set is not checked.
	attrs := []struct {
		key   string
		value interface{}
	}{
		{"action", rule.Action},
		{"name", rule.Name},
		{"description", rule.Description},
		{"ip_version", rule.IPVersion},
		{"source_ip_address", rule.SourceIPAddress},
		{"destination_ip_address", rule.DestinationIPAddress},
		{"source_port", rule.SourcePort},
		{"destination_port", rule.DestinationPort},
		{"enabled", rule.Enabled},
	}
	for _, a := range attrs {
		d.Set(a.key, a.value)
	}

	// The API reports "no protocol restriction" as an empty string; state
	// records that case as "any".
	switch rule.Protocol {
	case "":
		d.Set("protocol", "any")
	default:
		d.Set("protocol", rule.Protocol)
	}

	return nil
}
// TestRuleCRUD walks a firewall rule through create, update and get using the
// client returned by clients.NewNetworkV2Client, and schedules its deletion
// for when the test function returns.
func TestRuleCRUD(t *testing.T) {
	client, err := clients.NewNetworkV2Client()
	if err != nil {
		t.Fatalf("Unable to create a network client: %v", err)
	}

	rule, err := CreateRule(t, client)
	if err != nil {
		t.Fatalf("Unable to create rule: %v", err)
	}
	// Registered right after creation so the rule is removed on every exit
	// path below.
	defer DeleteRule(t, client, rule.ID)

	PrintRule(t, rule)

	description := "Some rule description"
	opts := rules.UpdateOpts{Description: &description}
	if _, err = rules.Update(client, rule.ID, opts).Extract(); err != nil {
		t.Fatalf("Unable to update rule: %v", err)
	}

	// NOTE(review): the re-read rule is only printed; nothing asserts that
	// its description now equals the updated value.
	updated, err := rules.Get(client, rule.ID).Extract()
	if err != nil {
		t.Fatalf("Unable to get rule: %v", err)
	}

	PrintRule(t, updated)
}
// TestGet checks that rules.Get decodes the firewall rule served by a stubbed
// HTTP handler into the expected field values.
func TestGet(t *testing.T) {
	const ruleID = "f03bd950-6c56-4f5e-a307-45967078f507"

	th.SetupHTTP()
	defer th.TeardownHTTP()

	th.Mux.HandleFunc("/v2.0/fw/firewall_rules/"+ruleID, func(w http.ResponseWriter, r *http.Request) {
		// The stub accepts only a GET that carries the fake client's token
		// in X-Auth-Token.
		th.TestMethod(t, r, "GET")
		th.TestHeader(t, r, "X-Auth-Token", fake.TokenID)

		w.Header().Add("Content-Type", "application/json")
		w.WriteHeader(http.StatusOK)

		fmt.Fprintf(w, ` { "firewall_rule":{ "protocol": "tcp", "description": "ssh rule", "source_port": null, "source_ip_address": null, "destination_ip_address": "192.168.1.0/24", "firewall_policy_id": "e2a5fb51-698c-4898-87e8-f1eee6b50919", "position": 2, "destination_port": "22", "id": "f03bd950-6c56-4f5e-a307-45967078f507", "name": "ssh_form_any", "tenant_id": "80cf934d6ffb4ef5b244f1c512ad1e61", "enabled": true, "action": "allow", "ip_version": 4, "shared": false } } `)
	})

	rule, err := rules.Get(fake.ServiceClient(), ruleID).Extract()
	th.AssertNoErr(t, err)

	// Expected value / decoded value pairs, asserted in this order.
	checks := []struct {
		want interface{}
		got  interface{}
	}{
		{"tcp", rule.Protocol},
		{"ssh rule", rule.Description},
		{"192.168.1.0/24", rule.DestinationIPAddress},
		{"e2a5fb51-698c-4898-87e8-f1eee6b50919", rule.PolicyID},
		{2, rule.Position},
		{"22", rule.DestinationPort},
		{"f03bd950-6c56-4f5e-a307-45967078f507", rule.ID},
		{"ssh_form_any", rule.Name},
		{"80cf934d6ffb4ef5b244f1c512ad1e61", rule.TenantID},
		{true, rule.Enabled},
		{"allow", rule.Action},
		{4, rule.IPVersion},
		{false, rule.Shared},
	}
	for _, c := range checks {
		th.AssertEquals(t, c.want, c.got)
	}
}
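// testAccCheckFWRuleV1Exists returns a check that fetches the firewall rule
// recorded in state under resource name n and compares it with expected.
//
// The lookup is retried on 404 because rule creation is asynchronous; any
// other error fails the check at once. If every attempt returns 404 the check
// returns an error instead of dereferencing a nil rule. Before the comparison
// expected.ID is overwritten with the found ID and the found TenantID is
// cleared, so neither field takes part in the match.
func testAccCheckFWRuleV1Exists(n string, expected *rules.Rule) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No ID is set")
		}

		config := testAccProvider.Meta().(*Config)
		networkingClient, err := config.networkingV2Client(OS_REGION_NAME)
		if err != nil {
			return fmt.Errorf("(testAccCheckFirewallRuleExists) Error creating OpenStack networking client: %s", err)
		}

		const attempts = 5

		var found *rules.Rule
		for i := 0; i < attempts; i++ {
			// Firewall rule creation is asynchronous. Retry a few times
			// if we get a 404 error. Fail on any other error.
			found, err = rules.Get(networkingClient, rs.Primary.ID).Extract()
			if err == nil {
				break
			}
			if _, ok := err.(gophercloud.ErrDefault404); !ok {
				return err
			}
			time.Sleep(time.Second)
		}

		// err is still set only when every attempt ended in a 404. Without
		// this guard the field accesses below would panic on a nil rule.
		if err != nil {
			return fmt.Errorf("Firewall rule %s not found after %d attempts: %s", rs.Primary.ID, attempts, err)
		}
		if found == nil {
			return fmt.Errorf("Firewall rule %s: lookup returned no rule", rs.Primary.ID)
		}

		expected.ID = found.ID
		// Erase the tenant id because we don't want to compare
		// it as long as it is not present in the expected rule.
		found.TenantID = ""

		if !reflect.DeepEqual(expected, found) {
			return fmt.Errorf("Expected:\n%#v\nFound:\n%#v", expected, found)
		}

		return nil
	}
}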
// testAccCheckFWRuleV1Destroy verifies that every resource of type
// "openstack_firewall_rule" in state can no longer be fetched from the
// networking API.
//
// A successful lookup means the rule still exists and fails the check. A 404
// is the expected outcome; any other lookup error is returned as-is.
func testAccCheckFWRuleV1Destroy(s *terraform.State) error {
	config := testAccProvider.Meta().(*Config)
	networkingClient, err := config.networkingV2Client(OS_REGION_NAME)
	if err != nil {
		return fmt.Errorf("(testAccCheckOpenstackFirewallRuleDestroy) Error creating OpenStack networking client: %s", err)
	}

	for _, rs := range s.RootModule().Resources {
		// NOTE(review): confirm this string is the type name the provider
		// registers for the firewall rule resource. If it is not, every
		// resource is skipped and the check passes without querying the API,
		// so a rule left behind would go unnoticed.
		if rs.Type != "openstack_firewall_rule" {
			continue
		}

		_, err = rules.Get(networkingClient, rs.Primary.ID).Extract()
		if err == nil {
			return fmt.Errorf("Firewall rule (%s) still exists.", rs.Primary.ID)
		}
		if _, notFound := err.(gophercloud.ErrDefault404); notFound {
			continue
		}
		return err
	}

	return nil
}
// resourceFWRuleV1Delete deletes the firewall rule identified by d.Id().
//
// The rule is fetched first; when it carries a policy ID it is removed from
// that policy before the delete request is sent. The error of the first
// failing step is returned unchanged, apart from the client-creation error,
// which is wrapped.
func resourceFWRuleV1Delete(d *schema.ResourceData, meta interface{}) error {
	log.Printf("[DEBUG] Destroy firewall rule: %s", d.Id())

	cfg := meta.(*Config)
	region := d.Get("region").(string)
	networkingClient, err := cfg.networkingV2Client(region)
	if err != nil {
		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
	}

	// NOTE(review): resourceFWRuleV1Read passes this lookup error to
	// CheckDeleted, while here it is returned as-is, so a rule that no longer
	// exists upstream makes the delete fail. Confirm that is intended.
	rule, err := rules.Get(networkingClient, d.Id()).Extract()
	if err != nil {
		return err
	}

	// A rule that references a policy is taken out of it before deletion.
	// If the delete below then fails, the RemoveRule call has already been
	// made, so the policy may no longer contain a rule that still exists.
	if policyID := rule.PolicyID; policyID != "" {
		if _, err := policies.RemoveRule(networkingClient, policyID, rule.ID).Extract(); err != nil {
			return err
		}
	}

	return rules.Delete(networkingClient, d.Id()).Err
}