resource_bigip_ipsec_profile.go
/*
Copyright 2019 F5 Networks Inc.
This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
If a copy of the MPL was not distributed with this file, You can obtain one at https://mozilla.org/MPL/2.0/.
*/
package bigip
import (
"context"
"fmt"
"log"
bigip "github.com/f5devcentral/go-bigip"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
)
// resourceBigipIpsecProfile returns the Terraform resource definition for an
// IPsec interface tunnel profile: its CRUD handlers, importer and schema.
func resourceBigipIpsecProfile() *schema.Resource {
	// Attribute definitions. "name" is the only required attribute and
	// changing it forces the resource to be re-created.
	fields := map[string]*schema.Schema{
		"name": {
			Type:         schema.TypeString,
			Required:     true,
			Description:  "Displays the name of the IPsec interface tunnel profile",
			ForceNew:     true,
			ValidateFunc: validateF5Name,
		},
		"description": {
			Type:        schema.TypeString,
			Optional:    true,
			Computed:    true,
			Description: "Specifies descriptive text that identifies the IPsec interface tunnel profile",
		},
		// NOTE(review): unlike "name" and "traffic_selector", this attribute
		// has no ValidateFunc; confirm whether validateF5Name should apply.
		"parent_profile": {
			Type:        schema.TypeString,
			Default:     "/Common/ipsec",
			Optional:    true,
			Description: "Specifies the profile from which this profile inherits settings. The default is the system-supplied `/Common/ipsec` profile",
		},
		"traffic_selector": {
			Type:         schema.TypeString,
			Optional:     true,
			Computed:     true,
			ValidateFunc: validateF5Name,
			Description:  "Specifies the traffic selector for the IPsec interface tunnel to which the profile is applied",
		},
	}

	// Passthrough import: the ID given to `terraform import` becomes the
	// resource ID unchanged, and Read then uses that ID as the profile name.
	importer := &schema.ResourceImporter{
		StateContext: schema.ImportStatePassthroughContext,
	}

	return &schema.Resource{
		CreateContext: resourceBigipIpsecProfileCreate,
		ReadContext:   resourceBigipIpsecProfileRead,
		UpdateContext: resourceBigipIpsecProfileUpdate,
		DeleteContext: resourceBigipIpsecProfileDelete,
		Importer:      importer,
		Schema:        fields,
	}
}
// resourceBigipIpsecProfileCreate creates the IPsec profile on the BIG-IP from
// the resource data, records the profile name as the resource ID and then
// delegates to Read to populate state.
//
// The ID is only set after the create call has succeeded, so a failed create
// leaves no resource in state.
func resourceBigipIpsecProfileCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
	client := meta.(*bigip.BigIP)
	profileName := d.Get("name").(string)

	log.Println("[INFO] Creating IPSec profile " + profileName)

	// Start from a profile carrying only the name; the helper fills in the
	// remaining fields from the resource data.
	profile := getIPSecProfileConfig(d, &bigip.IPSecProfile{Name: profileName})

	if err := client.CreateIPSecProfile(profile); err != nil {
		log.Printf("[ERROR] Unable to Create IPsec profile (%s) (%v)", profileName, err)
		return diag.FromErr(err)
	}

	d.SetId(profileName)
	return resourceBigipIpsecProfileRead(ctx, d, meta)
}
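// resourceBigipIpsecProfileRead fetches the IPsec profile identified by the
// resource ID from the BIG-IP and copies its fields into Terraform state.
//
// If the client reports no error but returns no profile, the resource ID is
// cleared and an error diagnostic naming the missing profile is returned.
// Any failure to store a field in state is returned as an error diagnostic.
func resourceBigipIpsecProfileRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
	client := meta.(*bigip.BigIP)
	// Capture the ID up front: it is needed in messages after SetId("").
	name := d.Id()
	log.Printf("[INFO] Reading IPsec profile :%+v", name)

	ts, err := client.GetIPSecProfile(name)
	if err != nil {
		return diag.FromErr(err)
	}
	if ts == nil {
		d.SetId("")
		// Use the captured name; d.Id() is empty once the ID has been cleared.
		return diag.FromErr(fmt.Errorf("[ERROR] IPsec profile (%s) not found, removing from state", name))
	}
	// Log the profile only once it is known to be a valid, non-nil result.
	log.Printf("IPsec Profile:%+v", ts)

	if err := d.Set("parent_profile", ts.DefaultsFrom); err != nil {
		return diag.FromErr(fmt.Errorf("[DEBUG] Error saving IPsec parent profile (%s): %s", name, err))
	}
	if err := d.Set("traffic_selector", ts.TrafficSelector); err != nil {
		return diag.FromErr(fmt.Errorf("[DEBUG] Error saving IPsec profile (%s): %s", name, err))
	}
	// Surface state-write failures for the remaining fields as well, instead
	// of discarding them, so drift between device and state is not hidden.
	if err := d.Set("description", ts.Description); err != nil {
		return diag.FromErr(fmt.Errorf("[DEBUG] Error saving IPsec profile description (%s): %s", name, err))
	}
	if err := d.Set("name", name); err != nil {
		return diag.FromErr(fmt.Errorf("[DEBUG] Error saving IPsec profile name (%s): %s", name, err))
	}
	return nil
}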
// resourceBigipIpsecProfileUpdate pushes the current resource data for the
// IPsec profile identified by the resource ID to the BIG-IP, then delegates
// to Read to refresh state.
func resourceBigipIpsecProfileUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
	client := meta.(*bigip.BigIP)
	profileName := d.Id()

	log.Printf("[INFO] Updating IPsec Profile:%+v ", profileName)

	// Build the full desired profile: name from the ID, other fields from
	// the resource data.
	desired := getIPSecProfileConfig(d, &bigip.IPSecProfile{Name: profileName})

	if err := client.ModifyIPSecProfile(profileName, desired); err != nil {
		log.Printf("[ERROR] Unable to Modify IPsec Profile (%s) (%v) ", profileName, err)
		return diag.FromErr(err)
	}

	return resourceBigipIpsecProfileRead(ctx, d, meta)
}
// resourceBigipIpsecProfileDelete removes the IPsec profile identified by the
// resource ID from the BIG-IP and, on success, clears the ID so the resource
// is dropped from state.
func resourceBigipIpsecProfileDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
	client := meta.(*bigip.BigIP)
	profileName := d.Id()

	log.Printf("[INFO] Deleting IPsec Profile :%+v ", profileName)

	if err := client.DeleteIPSecProfile(profileName); err != nil {
		// The ID is left intact on failure so the resource stays in state.
		return diag.FromErr(fmt.Errorf("[ERROR] Unable to Delete IPsec Profile (%s) (%v) ", profileName, err))
	}

	d.SetId("")
	return nil
}
// getIPSecProfileConfig copies the "parent_profile", "description" and
// "traffic_selector" attributes from the resource data into config and
// returns the same pointer. config is modified in place; its Name field is
// left as the caller set it.
func getIPSecProfileConfig(d *schema.ResourceData, config *bigip.IPSecProfile) *bigip.IPSecProfile {
	parent := d.Get("parent_profile").(string)
	config.DefaultsFrom = parent

	desc := d.Get("description").(string)
	config.Description = desc

	selector := d.Get("traffic_selector").(string)
	config.TrafficSelector = selector

	return config
}