package firewall
import (
"strings"
"github.com/hashicorp/go-cty/cty"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
"github.com/linode/terraform-provider-linode/linode/helper"
)
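// resourceRuleSchema describes one firewall rule: a label, the action taken on
// matching traffic, and the ports, protocol and address ranges the rule matches.
//
// Only the ipv6 elements carry a validator in this schema. "action", "ports",
// "protocol" and the ipv4 elements have no ValidateFunc, so any string passes
// plan-time validation here.
// NOTE(review): presumably the API rejects malformed values at apply time;
// confirm, since a typo in a rule would otherwise only surface late.
var resourceRuleSchema = map[string]*schema.Schema{
	"label": {
		Type:        schema.TypeString,
		Required:    true,
		Description: `Used to identify this rule. For display purposes only.`,
	},
	"action": {
		Type:     schema.TypeString,
		Required: true,
		Description: "Controls whether traffic is accepted or dropped by this rule. Overrides the Firewall’s " +
			"inbound_policy if this is an inbound rule, or the outbound_policy if this is an outbound rule.",
	},
	"ports": {
		Type:        schema.TypeString,
		Optional:    true,
		Description: `A string representation of ports and/or port ranges (i.e. "443" or "80-90, 91").`,
	},
	"protocol": {
		Type:     schema.TypeString,
		Required: true,
		// State holds the upper-cased form of whatever the configuration supplies.
		StateFunc: func(val interface{}) string {
			return strings.ToUpper(val.(string))
		},
		Description: "The network protocol this rule controls.",
	},
	"ipv4": {
		Type:     schema.TypeList,
		Optional: true,
		// Unlike ipv6 below, the elements have neither a validator nor a diff
		// suppressor attached.
		Elem: &schema.Schema{
			Type: schema.TypeString,
		},
		Description: "A list of IP addresses, CIDR blocks, or 0.0.0.0/0 (to allow all) this rule applies to.",
	},
	"ipv6": {
		Type:     schema.TypeList,
		Optional: true,
		Elem: &schema.Schema{
			Type: schema.TypeString,
			// Reject anything helper.ValidateIPv6Range does not accept.
			ValidateDiagFunc: func(i interface{}, path cty.Path) diag.Diagnostics {
				if err := helper.ValidateIPv6Range(i.(string)); err != nil {
					return diag.FromErr(err)
				}
				return nil
			},
			// Suppress the diff only when both values compare as the same range.
			DiffSuppressFunc: func(k, oldValue, newValue string, d *schema.ResourceData) bool {
				// Malformed input is reported by ValidateDiagFunc. A comparison
				// error must never hide a change to a firewall rule, so fail
				// towards showing the diff instead of trusting the result that
				// accompanies an error.
				same, err := helper.CompareIPv6Ranges(oldValue, newValue)
				if err != nil {
					return false
				}
				return same
			},
		},
		Description: "A list of IPv6 addresses or networks this rule applies to.",
	},
}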
// resourceDeviceSchema describes a device attached to a firewall. Every
// attribute is Computed, so none of them can be set from configuration.
var resourceDeviceSchema = map[string]*schema.Schema{
	// Identifiers.
	"id": {
		Type:        schema.TypeInt,
		Computed:    true,
		Description: "The ID of the firewall device.",
	},
	"entity_id": {
		Type:        schema.TypeInt,
		Computed:    true,
		Description: "The ID of the underlying entity for the firewall device (e.g. the Linode's ID).",
	},

	// Details of the device and of the entity behind it.
	"type": {
		Type:        schema.TypeString,
		Computed:    true,
		Description: "The type of firewall device.",
	},
	"label": {
		Type:        schema.TypeString,
		Computed:    true,
		Description: "The label of the underlying entity for the firewall device.",
	},
	"url": {
		Type:        schema.TypeString,
		Computed:    true,
		Description: "The URL of the underlying entity for the firewall device.",
	},
}
// resourceSchema is the top-level schema of the firewall resource: its
// metadata, the default inbound and outbound policies, the rule lists, and the
// Linodes and devices the firewall is attached to.
var resourceSchema = map[string]*schema.Schema{
	// Metadata.
	"label": {
		Type:     schema.TypeString,
		Required: true,
		// Length is limited to 3-32 characters.
		// NOTE(review): the description mentions a default label, yet the
		// attribute is Required; confirm which of the two is intended.
		ValidateFunc: validation.StringLenBetween(3, 32),
		Description: "The label for the Firewall. For display purposes only. If no label is provided, a " +
			"default will be assigned.",
	},
	"tags": {
		Type:        schema.TypeSet,
		Optional:    true,
		Elem:        &schema.Schema{Type: schema.TypeString},
		Set:         schema.HashString,
		Description: "An array of tags applied to this object. Tags are for organizational purposes only.",
	},
	"disabled": {
		Type:     schema.TypeBool,
		Optional: true,
		// Defaults to false, i.e. the firewall is not marked inactive unless
		// the configuration says so.
		Default:     false,
		Description: "If true, the Firewall is inactive.",
	},

	// Inbound traffic: default policy plus per-rule overrides.
	// Both policy attributes are Required and have no Default, so the schema
	// never picks a policy implicitly. Neither has a ValidateFunc.
	"inbound_policy": {
		Type:     schema.TypeString,
		Required: true,
		Description: "The default behavior for inbound traffic. This setting can be overridden by updating " +
			"the inbound.action property for an individual Firewall Rule.",
	},
	"inbound": {
		Type:        schema.TypeList,
		Optional:    true,
		Elem:        resourceFirewallRules(),
		Description: "A firewall rule that specifies what inbound network traffic is allowed.",
	},

	// Outbound traffic: default policy plus per-rule overrides.
	"outbound_policy": {
		Type:     schema.TypeString,
		Required: true,
		Description: "The default behavior for outbound traffic. This setting can be overridden by updating " +
			"the outbound.action property for an individual Firewall Rule.",
	},
	"outbound": {
		Type:        schema.TypeList,
		Optional:    true,
		Elem:        resourceFirewallRules(),
		Description: "A firewall rule that specifies what outbound network traffic is allowed.",
	},

	// Attachments and read-only state.
	"linodes": {
		Type: schema.TypeSet,
		// Optional and Computed: may be set in configuration, otherwise the
		// value in state is the one the provider computes.
		Optional:    true,
		Computed:    true,
		Elem:        &schema.Schema{Type: schema.TypeInt},
		Set:         schema.HashInt,
		Description: "The IDs of Linodes to apply this firewall to.",
	},
	"devices": {
		Type:        schema.TypeList,
		Computed:    true,
		Elem:        resourceFirewallDevice(),
		Description: "The devices associated with this firewall.",
	},
	"status": {
		Type:        schema.TypeString,
		Computed:    true,
		Description: "The status of the firewall.",
	},
}