IntenseWebs/opentofu
3
0
Fork 0
mirror of https://github.com/opentofu/opentofu.git synced 2025-02-25 18:45:20 -06:00
Code Issues Packages Projects Releases Wiki Activity

provider/aws: Convert AWS Security Group to aws-sdk-go

Browse Source 
Convert security group test too
This commit is contained in:
Clint Shryock 2015-03-09 10:02:27 -05:00
parent e32ad9e3ae
commit 20b02cacd4
3 changed files with 223 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
builtin/providers/aws/resource_aws_security_group.go
View File

@ -7,10 +7,11 @@ import (
"sort" "sort"
"time" "time"
"github.com/hashicorp/aws-sdk-go/aws"
"github.com/hashicorp/aws-sdk-go/gen/ec2"
"github.com/hashicorp/terraform/helper/hashcode" "github.com/hashicorp/terraform/helper/hashcode"
"github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/helper/schema" "github.com/hashicorp/terraform/helper/schema"
"github.com/mitchellh/goamz/ec2"
) )
func resourceAwsSecurityGroup() *schema.Resource { func resourceAwsSecurityGroup() *schema.Resource {
@ -141,18 +142,18 @@ func resourceAwsSecurityGroup() *schema.Resource {
} }
func resourceAwsSecurityGroupCreate(d *schema.ResourceData, meta interface{}) error { func resourceAwsSecurityGroupCreate(d *schema.ResourceData, meta interface{}) error {
ec2conn := meta.(*AWSClient).ec2conn ec2conn := meta.(*AWSClient).awsEC2conn
securityGroupOpts := ec2.SecurityGroup{ securityGroupOpts := &ec2.CreateSecurityGroupRequest{
Name: d.Get("name").(string), GroupName: aws.String(d.Get("name").(string)),
} }
if v := d.Get("vpc_id"); v != nil { if v := d.Get("vpc_id"); v != nil {
securityGroupOpts.VpcId = v.(string) securityGroupOpts.VPCID = aws.String(v.(string))
} }
if v := d.Get("description"); v != nil { if v := d.Get("description"); v != nil {
securityGroupOpts.Description = v.(string) securityGroupOpts.Description = aws.String(v.(string))
} }
log.Printf( log.Printf(
@ -162,7 +163,7 @@ func resourceAwsSecurityGroupCreate(d *schema.ResourceData, meta interface{}) er
return fmt.Errorf("Error creating Security Group: %s", err) return fmt.Errorf("Error creating Security Group: %s", err)
} }
d.SetId(createResp.Id) d.SetId(*createResp.GroupID)
log.Printf("[INFO] Security Group ID: %s", d.Id()) log.Printf("[INFO] Security Group ID: %s", d.Id())
@ -186,7 +187,7 @@ func resourceAwsSecurityGroupCreate(d *schema.ResourceData, meta interface{}) er
} }
func resourceAwsSecurityGroupRead(d *schema.ResourceData, meta interface{}) error { func resourceAwsSecurityGroupRead(d *schema.ResourceData, meta interface{}) error {
ec2conn := meta.(*AWSClient).ec2conn ec2conn := meta.(*AWSClient).awsEC2conn
sgRaw, _, err := SGStateRefreshFunc(ec2conn, d.Id())() sgRaw, _, err := SGStateRefreshFunc(ec2conn, d.Id())()
if err != nil { if err != nil {
@ -197,24 +198,23 @@ func resourceAwsSecurityGroupRead(d *schema.ResourceData, meta interface{}) erro
return nil return nil
} }
sg := sgRaw.(*ec2.SecurityGroupInfo) sg := sgRaw.(ec2.SecurityGroup)
ingressRules := resourceAwsSecurityGroupIPPermGather(d, sg.IPPerms) ingressRules := resourceAwsSecurityGroupIPPermGather(d, sg.IPPermissions)
egressRules := resourceAwsSecurityGroupIPPermGather(d, sg.IPPermsEgress) egressRules := resourceAwsSecurityGroupIPPermGather(d, sg.IPPermissionsEgress)
d.Set("description", sg.Description) d.Set("description", sg.Description)
d.Set("name", sg.Name) d.Set("name", sg.GroupName)
d.Set("vpc_id", sg.VpcId) d.Set("vpc_id", sg.VPCID)
d.Set("owner_id", sg.OwnerId) d.Set("owner_id", sg.OwnerID)
d.Set("ingress", ingressRules) d.Set("ingress", ingressRules)
d.Set("egress", egressRules) d.Set("egress", egressRules)
d.Set("tags", tagsToMap(sg.Tags)) d.Set("tags", tagsToMapSDK(sg.Tags))
return nil return nil
} }
func resourceAwsSecurityGroupUpdate(d *schema.ResourceData, meta interface{}) error { func resourceAwsSecurityGroupUpdate(d *schema.ResourceData, meta interface{}) error {
ec2conn := meta.(*AWSClient).ec2conn ec2conn := meta.(*AWSClient).awsEC2conn
sgRaw, _, err := SGStateRefreshFunc(ec2conn, d.Id())() sgRaw, _, err := SGStateRefreshFunc(ec2conn, d.Id())()
if err != nil { if err != nil {
@ -224,7 +224,8 @@ func resourceAwsSecurityGroupUpdate(d *schema.ResourceData, meta interface{}) er
d.SetId("") d.SetId("")
return nil return nil
} }
group := sgRaw.(*ec2.SecurityGroupInfo).SecurityGroup
group := sgRaw.(ec2.SecurityGroup)
err = resourceAwsSecurityGroupUpdateRules(d, "ingress", meta, group) err = resourceAwsSecurityGroupUpdateRules(d, "ingress", meta, group)
if err != nil { if err != nil {
@ -238,7 +239,7 @@ func resourceAwsSecurityGroupUpdate(d *schema.ResourceData, meta interface{}) er
} }
} }
if err := setTags(ec2conn, d); err != nil { if err := setTagsSDK(ec2conn, d); err != nil {
return err return err
} }
@ -248,14 +249,16 @@ func resourceAwsSecurityGroupUpdate(d *schema.ResourceData, meta interface{}) er
} }
func resourceAwsSecurityGroupDelete(d *schema.ResourceData, meta interface{}) error { func resourceAwsSecurityGroupDelete(d *schema.ResourceData, meta interface{}) error {
ec2conn := meta.(*AWSClient).ec2conn ec2conn := meta.(*AWSClient).awsEC2conn
log.Printf("[DEBUG] Security Group destroy: %v", d.Id()) log.Printf("[DEBUG] Security Group destroy: %v", d.Id())
return resource.Retry(5*time.Minute, func() error { return resource.Retry(5*time.Minute, func() error {
_, err := ec2conn.DeleteSecurityGroup(ec2.SecurityGroup{Id: d.Id()}) err := ec2conn.DeleteSecurityGroup(&ec2.DeleteSecurityGroupRequest{
GroupID: aws.String(d.Id()),
})
if err != nil { if err != nil {
ec2err, ok := err.(*ec2.Error) ec2err, ok := err.(aws.APIError)
if !ok { if !ok {
return err return err
} }
@ -313,34 +316,49 @@ func resourceAwsSecurityGroupRuleHash(v interface{}) int {
return hashcode.String(buf.String()) return hashcode.String(buf.String())
} }
func resourceAwsSecurityGroupIPPermGather(d *schema.ResourceData, permissions []ec2.IPPerm) []map[string]interface{} { func resourceAwsSecurityGroupIPPermGather(d *schema.ResourceData, permissions []ec2.IPPermission) []map[string]interface{} {
ruleMap := make(map[string]map[string]interface{}) ruleMap := make(map[string]map[string]interface{})
for _, perm := range permissions { for _, perm := range permissions {
k := fmt.Sprintf("%s-%d-%d", perm.Protocol, perm.FromPort, perm.ToPort) var fromPort, toPort int
if perm.FromPort == nil {
fromPort = 0
} else {
fromPort = *perm.FromPort
}
if perm.ToPort == nil {
toPort = 0
} else {
toPort = *perm.ToPort
}
k := fmt.Sprintf("%s-%d-%d", *perm.IPProtocol, fromPort, toPort)
m, ok := ruleMap[k] m, ok := ruleMap[k]
if !ok { if !ok {
m = make(map[string]interface{}) m = make(map[string]interface{})
ruleMap[k] = m ruleMap[k] = m
} }
m["from_port"] = perm.FromPort m["from_port"] = fromPort
m["to_port"] = perm.ToPort m["to_port"] = toPort
m["protocol"] = perm.Protocol m["protocol"] = *perm.IPProtocol
if len(perm.SourceIPs) > 0 { if len(perm.IPRanges) > 0 {
raw, ok := m["cidr_blocks"] raw, ok := m["cidr_blocks"]
if !ok { if !ok {
raw = make([]string, 0, len(perm.SourceIPs)) raw = make([]string, 0, len(perm.IPRanges))
} }
list := raw.([]string) list := raw.([]string)
list = append(list, perm.SourceIPs...) for _, ip := range perm.IPRanges {
list = append(list, *ip.CIDRIP)
}
m["cidr_blocks"] = list m["cidr_blocks"] = list
} }
var groups []string var groups []string
if len(perm.SourceGroups) > 0 { if len(perm.UserIDGroupPairs) > 0 {
groups = flattenSecurityGroups(perm.SourceGroups) groups = flattenSecurityGroupsSDK(perm.UserIDGroupPairs)
} }
for i, id := range groups { for i, id := range groups {
if id == d.Id() { if id == d.Id() {
@ -364,7 +382,6 @@ func resourceAwsSecurityGroupIPPermGather(d *schema.ResourceData, permissions []
for _, m := range ruleMap { for _, m := range ruleMap {
rules = append(rules, m) rules = append(rules, m)
} }
return rules return rules
} }
@ -383,8 +400,9 @@ func resourceAwsSecurityGroupUpdateRules(
os := o.(*schema.Set) os := o.(*schema.Set)
ns := n.(*schema.Set) ns := n.(*schema.Set)
remove := expandIPPerms(d.Id(), os.Difference(ns).List()) // TODO: re-munge this when test is updated
add := expandIPPerms(d.Id(), ns.Difference(os).List()) remove := expandIPPermsSDK(d.Id(), os.Difference(ns).List())
add := expandIPPermsSDK(d.Id(), ns.Difference(os).List())
// TODO: We need to handle partial state better in the in-between // TODO: We need to handle partial state better in the in-between
// in this update. // in this update.
@ -396,34 +414,53 @@ func resourceAwsSecurityGroupUpdateRules(
// not have service issues. // not have service issues.
if len(remove) > 0 || len(add) > 0 { if len(remove) > 0 || len(add) > 0 {
ec2conn := meta.(*AWSClient).ec2conn ec2conn := meta.(*AWSClient).awsEC2conn
var err error
if len(remove) > 0 { if len(remove) > 0 {
// Revoke the old rules
revoke := ec2conn.RevokeSecurityGroup
if ruleset == "egress" {
revoke = ec2conn.RevokeSecurityGroupEgress
}
log.Printf("[DEBUG] Revoking security group %s %s rule: %#v", log.Printf("[DEBUG] Revoking security group %s %s rule: %#v",
group, ruleset, remove) group, ruleset, remove)
if _, err := revoke(group, remove); err != nil {
if ruleset == "egress" {
req := &ec2.RevokeSecurityGroupEgressRequest{
GroupID: group.GroupID,
IPPermissions: remove,
}
err = ec2conn.RevokeSecurityGroupEgress(req)
} else {
req := &ec2.RevokeSecurityGroupIngressRequest{
GroupID: group.GroupID,
IPPermissions: remove,
}
err = ec2conn.RevokeSecurityGroupIngress(req)
}
if err != nil {
return fmt.Errorf( return fmt.Errorf(
"Error revoking security group %s rules: %s", "Error authorizing security group %s rules: %s",
ruleset, err) ruleset, err)
} }
} }
if len(add) > 0 { if len(add) > 0 {
// Authorize the new rules
authorize := ec2conn.AuthorizeSecurityGroup
if ruleset == "egress" {
authorize = ec2conn.AuthorizeSecurityGroupEgress
}
log.Printf("[DEBUG] Authorizing security group %s %s rule: %#v", log.Printf("[DEBUG] Authorizing security group %s %s rule: %#v",
group, ruleset, add) group, ruleset, add)
if _, err := authorize(group, add); err != nil { // Authorize the new rules
if ruleset == "egress" {
req := &ec2.AuthorizeSecurityGroupEgressRequest{
GroupID: group.GroupID,
IPPermissions: add,
}
err = ec2conn.AuthorizeSecurityGroupEgress(req)
} else {
req := &ec2.AuthorizeSecurityGroupIngressRequest{
GroupID: group.GroupID,
IPPermissions: add,
}
err = ec2conn.AuthorizeSecurityGroupIngress(req)
}
if err != nil {
return fmt.Errorf( return fmt.Errorf(
"Error authorizing security group %s rules: %s", "Error authorizing security group %s rules: %s",
ruleset, err) ruleset, err)
@ -431,7 +468,6 @@ func resourceAwsSecurityGroupUpdateRules(
} }
} }
} }
return nil return nil
} }
@ -439,10 +475,12 @@ func resourceAwsSecurityGroupUpdateRules(
// a security group. // a security group.
func SGStateRefreshFunc(conn *ec2.EC2, id string) resource.StateRefreshFunc { func SGStateRefreshFunc(conn *ec2.EC2, id string) resource.StateRefreshFunc {
return func() (interface{}, string, error) { return func() (interface{}, string, error) {
sgs := []ec2.SecurityGroup{ec2.SecurityGroup{Id: id}} req := &ec2.DescribeSecurityGroupsRequest{
resp, err := conn.SecurityGroups(sgs, nil) GroupIDs: []string{id},
}
resp, err := conn.DescribeSecurityGroups(req)
if err != nil { if err != nil {
if ec2err, ok := err.(*ec2.Error); ok { if ec2err, ok := err.(aws.APIError); ok {
if ec2err.Code == "InvalidSecurityGroupID.NotFound" || if ec2err.Code == "InvalidSecurityGroupID.NotFound" ||
ec2err.Code == "InvalidGroup.NotFound" { ec2err.Code == "InvalidGroup.NotFound" {
resp = nil resp = nil
@ -460,7 +498,7 @@ func SGStateRefreshFunc(conn *ec2.EC2, id string) resource.StateRefreshFunc {
return nil, "", nil return nil, "", nil
} }
group := &resp.Groups[0] group := resp.SecurityGroups[0]
return group, "exists", nil return group, "exists", nil
} }
} }

134
builtin/providers/aws/resource_aws_security_group_test.go
View File

@ -2,16 +2,18 @@ package aws
import ( import (
"fmt" "fmt"
"log"
"reflect" "reflect"
"testing" "testing"
"github.com/hashicorp/aws-sdk-go/aws"
"github.com/hashicorp/aws-sdk-go/gen/ec2"
"github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform" "github.com/hashicorp/terraform/terraform"
"github.com/mitchellh/goamz/ec2"
) )
func TestAccAWSSecurityGroup_normal(t *testing.T) { func TestAccAWSSecurityGroup_normal(t *testing.T) {
var group ec2.SecurityGroupInfo var group ec2.SecurityGroup
resource.Test(t, resource.TestCase{ resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) }, PreCheck: func() { testAccPreCheck(t) },
@ -44,16 +46,18 @@ func TestAccAWSSecurityGroup_normal(t *testing.T) {
} }
func TestAccAWSSecurityGroup_self(t *testing.T) { func TestAccAWSSecurityGroup_self(t *testing.T) {
var group ec2.SecurityGroupInfo var group ec2.SecurityGroup
checkSelf := func(s *terraform.State) (err error) { checkSelf := func(s *terraform.State) (err error) {
defer func() { defer func() {
if e := recover(); e != nil { if e := recover(); e != nil {
log.Printf("\n\nbad here!!")
err = fmt.Errorf("bad: %#v", group) err = fmt.Errorf("bad: %#v", group)
} }
}() }()
if group.IPPerms[0].SourceGroups[0].Id != group.Id { if *group.IPPermissions[0].UserIDGroupPairs[0].GroupID != *group.GroupID {
log.Printf("\n\n---- bad here ----\n")
return fmt.Errorf("bad: %#v", group) return fmt.Errorf("bad: %#v", group)
} }
@ -89,10 +93,10 @@ func TestAccAWSSecurityGroup_self(t *testing.T) {
} }
func TestAccAWSSecurityGroup_vpc(t *testing.T) { func TestAccAWSSecurityGroup_vpc(t *testing.T) {
var group ec2.SecurityGroupInfo var group ec2.SecurityGroup
testCheck := func(*terraform.State) error { testCheck := func(*terraform.State) error {
if group.VpcId == "" { if *group.VPCID == "" {
return fmt.Errorf("should have vpc ID") return fmt.Errorf("should have vpc ID")
} }
@ -141,7 +145,7 @@ func TestAccAWSSecurityGroup_vpc(t *testing.T) {
} }
func TestAccAWSSecurityGroup_MultiIngress(t *testing.T) { func TestAccAWSSecurityGroup_MultiIngress(t *testing.T) {
var group ec2.SecurityGroupInfo var group ec2.SecurityGroup
resource.Test(t, resource.TestCase{ resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) }, PreCheck: func() { testAccPreCheck(t) },
@ -159,7 +163,7 @@ func TestAccAWSSecurityGroup_MultiIngress(t *testing.T) {
} }
func TestAccAWSSecurityGroup_Change(t *testing.T) { func TestAccAWSSecurityGroup_Change(t *testing.T) {
var group ec2.SecurityGroupInfo var group ec2.SecurityGroup
resource.Test(t, resource.TestCase{ resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) }, PreCheck: func() { testAccPreCheck(t) },
@ -184,30 +188,27 @@ func TestAccAWSSecurityGroup_Change(t *testing.T) {
} }
func testAccCheckAWSSecurityGroupDestroy(s *terraform.State) error { func testAccCheckAWSSecurityGroupDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).ec2conn conn := testAccProvider.Meta().(*AWSClient).awsEC2conn
for _, rs := range s.RootModule().Resources { for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_security_group" { if rs.Type != "aws_security_group" {
continue continue
} }
sgs := []ec2.SecurityGroup{
ec2.SecurityGroup{
Id: rs.Primary.ID,
},
}
// Retrieve our group // Retrieve our group
resp, err := conn.SecurityGroups(sgs, nil) req := &ec2.DescribeSecurityGroupsRequest{
GroupIDs: []string{rs.Primary.ID},
}
resp, err := conn.DescribeSecurityGroups(req)
if err == nil { if err == nil {
if len(resp.Groups) > 0 && resp.Groups[0].Id == rs.Primary.ID { if len(resp.SecurityGroups) > 0 && *resp.SecurityGroups[0].GroupID == rs.Primary.ID {
return fmt.Errorf("Security Group (%s) still exists.", rs.Primary.ID) return fmt.Errorf("Security Group (%s) still exists.", rs.Primary.ID)
} }
return nil return nil
} }
ec2err, ok := err.(*ec2.Error) ec2err, ok := err.(aws.APIError)
if !ok { if !ok {
return err return err
} }
@ -220,7 +221,7 @@ func testAccCheckAWSSecurityGroupDestroy(s *terraform.State) error {
return nil return nil
} }
func testAccCheckAWSSecurityGroupExists(n string, group *ec2.SecurityGroupInfo) resource.TestCheckFunc { func testAccCheckAWSSecurityGroupExists(n string, group *ec2.SecurityGroup) resource.TestCheckFunc {
return func(s *terraform.State) error { return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n] rs, ok := s.RootModule().Resources[n]
if !ok { if !ok {
@ -231,20 +232,19 @@ func testAccCheckAWSSecurityGroupExists(n string, group *ec2.SecurityGroupInfo)
return fmt.Errorf("No Security Group is set") return fmt.Errorf("No Security Group is set")
} }
conn := testAccProvider.Meta().(*AWSClient).ec2conn conn := testAccProvider.Meta().(*AWSClient).awsEC2conn
sgs := []ec2.SecurityGroup{ req := &ec2.DescribeSecurityGroupsRequest{
ec2.SecurityGroup{ GroupIDs: []string{rs.Primary.ID},
Id: rs.Primary.ID,
},
} }
resp, err := conn.SecurityGroups(sgs, nil) resp, err := conn.DescribeSecurityGroups(req)
if err != nil { if err != nil {
return err return err
} }
if len(resp.Groups) > 0 && resp.Groups[0].Id == rs.Primary.ID { if len(resp.SecurityGroups) > 0 && *resp.SecurityGroups[0].GroupID == rs.Primary.ID {
*group = resp.Groups[0] log.Printf("\n==\n===\nfound group\n===\n==\n")
*group = resp.SecurityGroups[0]
return nil return nil
} }
@ -253,32 +253,32 @@ func testAccCheckAWSSecurityGroupExists(n string, group *ec2.SecurityGroupInfo)
} }
} }
func testAccCheckAWSSecurityGroupAttributes(group *ec2.SecurityGroupInfo) resource.TestCheckFunc { func testAccCheckAWSSecurityGroupAttributes(group *ec2.SecurityGroup) resource.TestCheckFunc {
return func(s *terraform.State) error { return func(s *terraform.State) error {
p := ec2.IPPerm{ p := ec2.IPPermission{
FromPort: 80, FromPort: aws.Integer(80),
ToPort: 8000, ToPort: aws.Integer(8000),
Protocol: "tcp", IPProtocol: aws.String("tcp"),
SourceIPs: []string{"10.0.0.0/8"}, IPRanges: []ec2.IPRange{ec2.IPRange{aws.String("10.0.0.0/8")}},
} }
if group.Name != "terraform_acceptance_test_example" { if *group.GroupName != "terraform_acceptance_test_example" {
return fmt.Errorf("Bad name: %s", group.Name) return fmt.Errorf("Bad name: %s", *group.GroupName)
} }
if group.Description != "Used in the terraform acceptance tests" { if *group.Description != "Used in the terraform acceptance tests" {
return fmt.Errorf("Bad description: %s", group.Description) return fmt.Errorf("Bad description: %s", *group.Description)
} }
if len(group.IPPerms) == 0 { if len(group.IPPermissions) == 0 {
return fmt.Errorf("No IPPerms") return fmt.Errorf("No IPPerms")
} }
// Compare our ingress // Compare our ingress
if !reflect.DeepEqual(group.IPPerms[0], p) { if !reflect.DeepEqual(group.IPPermissions[0], p) {
return fmt.Errorf( return fmt.Errorf(
"Got:\n\n%#v\n\nExpected:\n\n%#v\n", "Got:\n\n%#v\n\nExpected:\n\n%#v\n",
group.IPPerms[0], group.IPPermissions[0],
p) p)
} }
@ -287,7 +287,7 @@ func testAccCheckAWSSecurityGroupAttributes(group *ec2.SecurityGroupInfo) resour
} }
func TestAccAWSSecurityGroup_tags(t *testing.T) { func TestAccAWSSecurityGroup_tags(t *testing.T) {
var group ec2.SecurityGroupInfo var group ec2.SecurityGroup
resource.Test(t, resource.TestCase{ resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) }, PreCheck: func() { testAccPreCheck(t) },
@ -298,7 +298,7 @@ func TestAccAWSSecurityGroup_tags(t *testing.T) {
Config: testAccAWSSecurityGroupConfigTags, Config: testAccAWSSecurityGroupConfigTags,
Check: resource.ComposeTestCheckFunc( Check: resource.ComposeTestCheckFunc(
testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group), testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group),
testAccCheckTags(&group.Tags, "foo", "bar"), testAccCheckTagsSDK(&group.Tags, "foo", "bar"),
), ),
}, },
@ -306,56 +306,56 @@ func TestAccAWSSecurityGroup_tags(t *testing.T) {
Config: testAccAWSSecurityGroupConfigTagsUpdate, Config: testAccAWSSecurityGroupConfigTagsUpdate,
Check: resource.ComposeTestCheckFunc( Check: resource.ComposeTestCheckFunc(
testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group), testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group),
testAccCheckTags(&group.Tags, "foo", ""), testAccCheckTagsSDK(&group.Tags, "foo", ""),
testAccCheckTags(&group.Tags, "bar", "baz"), testAccCheckTagsSDK(&group.Tags, "bar", "baz"),
), ),
}, },
}, },
}) })
} }
func testAccCheckAWSSecurityGroupAttributesChanged(group *ec2.SecurityGroupInfo) resource.TestCheckFunc { func testAccCheckAWSSecurityGroupAttributesChanged(group *ec2.SecurityGroup) resource.TestCheckFunc {
return func(s *terraform.State) error { return func(s *terraform.State) error {
p := []ec2.IPPerm{ p := []ec2.IPPermission{
ec2.IPPerm{ ec2.IPPermission{
FromPort: 80, FromPort: aws.Integer(80),
ToPort: 9000, ToPort: aws.Integer(9000),
Protocol: "tcp", IPProtocol: aws.String("tcp"),
SourceIPs: []string{"10.0.0.0/8"}, IPRanges: []ec2.IPRange{ec2.IPRange{aws.String("10.0.0.0/8")}},
}, },
ec2.IPPerm{ ec2.IPPermission{
FromPort: 80, FromPort: aws.Integer(80),
ToPort: 8000, ToPort: aws.Integer(8000),
Protocol: "tcp", IPProtocol: aws.String("tcp"),
SourceIPs: []string{"0.0.0.0/0", "10.0.0.0/8"}, IPRanges: []ec2.IPRange{ec2.IPRange{aws.String("0.0.0.0/0")}, ec2.IPRange{aws.String("10.0.0.0/8")}},
}, },
} }
if group.Name != "terraform_acceptance_test_example" { if *group.GroupName != "terraform_acceptance_test_example" {
return fmt.Errorf("Bad name: %s", group.Name) return fmt.Errorf("Bad name: %s", *group.GroupName)
} }
if group.Description != "Used in the terraform acceptance tests" { if *group.Description != "Used in the terraform acceptance tests" {
return fmt.Errorf("Bad description: %s", group.Description) return fmt.Errorf("Bad description: %s", *group.Description)
} }
// Compare our ingress // Compare our ingress
if len(group.IPPerms) != 2 { if len(group.IPPermissions) != 2 {
return fmt.Errorf( return fmt.Errorf(
"Got:\n\n%#v\n\nExpected:\n\n%#v\n", "Got:\n\n%#v\n\nExpected:\n\n%#v\n",
group.IPPerms, group.IPPermissions,
p) p)
} }
if group.IPPerms[0].ToPort == 8000 { if *group.IPPermissions[0].ToPort == 8000 {
group.IPPerms[1], group.IPPerms[0] = group.IPPermissions[1], group.IPPermissions[0] =
group.IPPerms[0], group.IPPerms[1] group.IPPermissions[0], group.IPPermissions[1]
} }
if !reflect.DeepEqual(group.IPPerms, p) { if !reflect.DeepEqual(group.IPPermissions, p) {
return fmt.Errorf( return fmt.Errorf(
"Got:\n\n%#v\n\nExpected:\n\n%#v\n", "Got:\n\n%#v\n\nExpected:\n\n%#v\n",
group.IPPerms, group.IPPermissions,
p) p)
} }

62
builtin/providers/aws/structure.go
View File

@ -4,6 +4,7 @@ import (
"strings" "strings"
"github.com/hashicorp/aws-sdk-go/aws" "github.com/hashicorp/aws-sdk-go/aws"
awsEC2 "github.com/hashicorp/aws-sdk-go/gen/ec2"
"github.com/hashicorp/aws-sdk-go/gen/elb" "github.com/hashicorp/aws-sdk-go/gen/elb"
"github.com/hashicorp/aws-sdk-go/gen/rds" "github.com/hashicorp/aws-sdk-go/gen/rds"
"github.com/hashicorp/terraform/helper/schema" "github.com/hashicorp/terraform/helper/schema"
@ -89,6 +90,58 @@ func expandIPPerms(id string, configured []interface{}) []ec2.IPPerm {
return perms return perms
} }
// Takes the result of flatmap.Expand for an array of ingress/egress
// security group rules and returns EC2 API compatible objects
func expandIPPermsSDK(id string, configured []interface{}) []awsEC2.IPPermission {
perms := make([]awsEC2.IPPermission, len(configured))
for i, mRaw := range configured {
var perm awsEC2.IPPermission
m := mRaw.(map[string]interface{})
perm.FromPort = aws.Integer(m["from_port"].(int))
perm.ToPort = aws.Integer(m["to_port"].(int))
perm.IPProtocol = aws.String(m["protocol"].(string))
var groups []string
if raw, ok := m["security_groups"]; ok {
list := raw.(*schema.Set).List()
for _, v := range list {
groups = append(groups, v.(string))
}
}
if v, ok := m["self"]; ok && v.(bool) {
groups = append(groups, id)
}
if len(groups) > 0 {
perm.UserIDGroupPairs = make([]awsEC2.UserIDGroupPair, len(groups))
for i, name := range groups {
ownerId, id := "", name
if items := strings.Split(id, "/"); len(items) > 1 {
ownerId, id = items[0], items[1]
}
perm.UserIDGroupPairs[i] = awsEC2.UserIDGroupPair{
GroupID: aws.String(id),
UserID: aws.String(ownerId),
}
}
}
if raw, ok := m["cidr_blocks"]; ok {
list := raw.([]interface{})
perm.IPRanges = make([]awsEC2.IPRange, len(list))
for i, v := range list {
perm.IPRanges[i] = awsEC2.IPRange{aws.String(v.(string))}
}
}
perms[i] = perm
}
return perms
}
// Takes the result of flatmap.Expand for an array of parameters and // Takes the result of flatmap.Expand for an array of parameters and
// returns Parameter API compatible objects // returns Parameter API compatible objects
func expandParameters(configured []interface{}) ([]rds.Parameter, error) { func expandParameters(configured []interface{}) ([]rds.Parameter, error) {
@ -162,6 +215,15 @@ func flattenSecurityGroups(list []ec2.UserSecurityGroup) []string {
return result return result
} }
// Flattens an array of UserSecurityGroups into a []string
func flattenSecurityGroupsSDK(list []awsEC2.UserIDGroupPair) []string {
result := make([]string, 0, len(list))
for _, g := range list {
result = append(result, *g.GroupID)
}
return result
}
// Flattens an array of Instances into a []string // Flattens an array of Instances into a []string
func flattenInstances(list []elb.Instance) []string { func flattenInstances(list []elb.Instance) []string {
result := make([]string, 0, len(list)) result := make([]string, 0, len(list))