// CreateRule creates a firewall rule with a randomly chosen source address,
// source port, destination address and destination port, and returns it.
// An error is returned if the rule could not be created.
//
// The rule is always a TCP "allow" rule from 192.168.1.x to 192.168.2.x
// (both inside the RFC 1918 private range) and its name carries the
// "TESTACC-" prefix.
//
// NOTE(review): nothing in this helper deletes the rule again; cleanup of the
// created allow rule is presumably the caller's job — confirm.
func CreateRule(t *testing.T, client *gophercloud.ServiceClient) (*rules.Rule, error) {
	name := tools.RandomString("TESTACC-", 8)

	// Host octets and ports are all drawn with tools.RandomInt(1, 100).
	srcAddr := fmt.Sprintf("192.168.1.%d", tools.RandomInt(1, 100))
	srcPort := strconv.Itoa(tools.RandomInt(1, 100))
	dstAddr := fmt.Sprintf("192.168.2.%d", tools.RandomInt(1, 100))
	dstPort := strconv.Itoa(tools.RandomInt(1, 100))

	t.Logf("Attempting to create rule %s with source %s:%s and destination %s:%s",
		name, srcAddr, srcPort, dstAddr, dstPort)

	var opts rules.CreateOpts
	opts.Name = name
	opts.Protocol = rules.ProtocolTCP
	opts.Action = "allow"
	opts.SourceIPAddress = srcAddr
	opts.SourcePort = srcPort
	opts.DestinationIPAddress = dstAddr
	opts.DestinationPort = dstPort

	rule, err := rules.Create(client, opts).Extract()
	if err != nil {
		// Whatever Extract produced is handed back together with the error.
		return rule, err
	}

	t.Logf("Rule %s successfully created", name)
	return rule, nil
}
// TestCreateAnyProtocol checks that creating a rule with rules.ProtocolAny
// sends "protocol": null in the request body and that the canned 201
// response extracts without error.
//
// Only the request shape and the absence of an error are asserted; the
// extracted rule itself is discarded.
func TestCreateAnyProtocol(t *testing.T) {
	th.SetupHTTP()
	defer th.TeardownHTTP()

	// Body the client is expected to send: an "allow" rule whose protocol is
	// JSON null rather than a protocol name.
	const wantRequest = ` { "firewall_rule": { "protocol": null, "description": "any to 192.168.1.0/24", "destination_ip_address": "192.168.1.0/24", "name": "any_to_192.168.1.0/24", "action": "allow", "tenant_id": "80cf934d6ffb4ef5b244f1c512ad1e61" } } `

	// Canned reply served by the fake endpoint.
	const cannedResponse = ` { "firewall_rule":{ "protocol": null, "description": "any to 192.168.1.0/24", "source_port": null, "source_ip_address": null, "destination_ip_address": "192.168.1.0/24", "firewall_policy_id": "e2a5fb51-698c-4898-87e8-f1eee6b50919", "position": 2, "destination_port": null, "id": "f03bd950-6c56-4f5e-a307-45967078f507", "name": "any_to_192.168.1.0/24", "tenant_id": "80cf934d6ffb4ef5b244f1c512ad1e61", "enabled": true, "action": "allow", "ip_version": 4, "shared": false } } `

	handleCreate := func(w http.ResponseWriter, r *http.Request) {
		// Validate method, auth token and content negotiation before the body.
		th.TestMethod(t, r, "POST")
		th.TestHeader(t, r, "X-Auth-Token", fake.TokenID)
		th.TestHeader(t, r, "Content-Type", "application/json")
		th.TestHeader(t, r, "Accept", "application/json")
		th.TestJSONRequest(t, r, wantRequest)

		w.Header().Add("Content-Type", "application/json")
		w.WriteHeader(http.StatusCreated)

		// The response contains no format verbs, so it is written as-is.
		fmt.Fprint(w, cannedResponse)
	}
	th.Mux.HandleFunc("/v2.0/fw/firewall_rules", handleCreate)

	opts := rules.CreateOpts{
		TenantID:             "80cf934d6ffb4ef5b244f1c512ad1e61",
		Protocol:             rules.ProtocolAny,
		Description:          "any to 192.168.1.0/24",
		DestinationIPAddress: "192.168.1.0/24",
		Name:                 "any_to_192.168.1.0/24",
		Action:               "allow",
	}

	_, err := rules.Create(fake.ServiceClient(), opts).Extract()
	th.AssertNoErr(t, err)
}
// resourceFWRuleV1Create builds a rules.CreateOpts from the resource data,
// creates the firewall rule through the networking client, records the new
// rule ID on the resource and then delegates to resourceFWRuleV1Read.
//
// It returns an error when the networking client cannot be obtained or when
// rules.Create fails; the latter error is passed through unwrapped.
//
// NOTE(review): protocol, action, addresses and ports are forwarded exactly
// as read from the resource data. Any allow-list validation of those values
// has to live in the schema definition, which is not visible here — confirm.
func resourceFWRuleV1Create(d *schema.ResourceData, meta interface{}) error {
	config := meta.(*Config)

	region := d.Get("region").(string)
	networkingClient, err := config.networkingV2Client(region)
	if err != nil {
		return fmt.Errorf("Error creating OpenStack networking client: %s", err)
	}

	enabled := d.Get("enabled").(bool)

	// NOTE(review): this value is overwritten below whenever ip_version is
	// set, so it only matters for the unset case — confirm that is intended.
	ipVersion := resourceFWRuleV1DetermineIPVersion(d.Get("ip_version").(int))

	var ruleConfiguration rules.CreateOpts
	ruleConfiguration.Name = d.Get("name").(string)
	ruleConfiguration.Description = d.Get("description").(string)
	ruleConfiguration.Protocol = d.Get("protocol").(string)
	ruleConfiguration.Action = d.Get("action").(string)
	ruleConfiguration.IPVersion = ipVersion
	ruleConfiguration.SourceIPAddress = d.Get("source_ip_address").(string)
	ruleConfiguration.DestinationIPAddress = d.Get("destination_ip_address").(string)
	ruleConfiguration.SourcePort = d.Get("source_port").(string)
	ruleConfiguration.DestinationPort = d.Get("destination_port").(string)
	// Passed by pointer; presumably so an explicit false differs from unset.
	ruleConfiguration.Enabled = &enabled
	ruleConfiguration.TenantID = d.Get("tenant_id").(string)

	if raw, isSet := d.GetOk("ip_version"); isSet {
		ruleConfiguration.IPVersion = resourceFWRuleV1DetermineIPVersion(raw.(int))
	}

	// The full option struct, tenant ID and addresses included, goes to the
	// debug log.
	log.Printf("[DEBUG] Create firewall rule: %#v", ruleConfiguration)

	rule, err := rules.Create(networkingClient, ruleConfiguration).Extract()
	if err != nil {
		return err
	}

	log.Printf("[DEBUG] Firewall rule with id %s : %#v", rule.ID, rule)

	d.SetId(rule.ID)

	return resourceFWRuleV1Read(d, meta)
}