mirror of
https://github.com/opentofu/opentofu.git
synced 2025-01-09 23:54:17 -06:00
Merge pull request #3780 from hashicorp/b-aws-elb-source-sg-id
providers/aws: Provide source security group id for ELBs
This commit is contained in:
commit
bea8e0b14f
@ -9,6 +9,7 @@ import (
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/aws/aws-sdk-go/service/ec2"
|
||||
"github.com/aws/aws-sdk-go/service/elb"
|
||||
"github.com/hashicorp/terraform/helper/hashcode"
|
||||
"github.com/hashicorp/terraform/helper/resource"
|
||||
@ -74,6 +75,11 @@ func resourceAwsElb() *schema.Resource {
|
||||
Computed: true,
|
||||
},
|
||||
|
||||
"source_security_group_id": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
|
||||
"subnets": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Elem: &schema.Schema{Type: schema.TypeString},
|
||||
@ -300,6 +306,18 @@ func resourceAwsElbRead(d *schema.ResourceData, meta interface{}) error {
|
||||
d.Set("security_groups", lb.SecurityGroups)
|
||||
if lb.SourceSecurityGroup != nil {
|
||||
d.Set("source_security_group", lb.SourceSecurityGroup.GroupName)
|
||||
|
||||
// Manually look up the ELB Security Group ID, since it's not provided
|
||||
var elbVpc string
|
||||
if lb.VPCId != nil {
|
||||
elbVpc = *lb.VPCId
|
||||
}
|
||||
sgId, err := sourceSGIdByName(meta, *lb.SourceSecurityGroup.GroupName, elbVpc)
|
||||
if err != nil {
|
||||
return fmt.Errorf("[WARN] Error looking up ELB Security Group ID: %s", err)
|
||||
} else {
|
||||
d.Set("source_security_group_id", sgId)
|
||||
}
|
||||
}
|
||||
d.Set("subnets", lb.Subnets)
|
||||
d.Set("idle_timeout", lbAttrs.ConnectionSettings.IdleTimeout)
|
||||
@ -594,3 +612,52 @@ func validateElbName(v interface{}, k string) (ws []string, errors []error) {
|
||||
return
|
||||
|
||||
}
|
||||
|
||||
func sourceSGIdByName(meta interface{}, sg, vpcId string) (string, error) {
|
||||
conn := meta.(*AWSClient).ec2conn
|
||||
var filters []*ec2.Filter
|
||||
var sgFilterName, sgFilterVPCID *ec2.Filter
|
||||
sgFilterName = &ec2.Filter{
|
||||
Name: aws.String("group-name"),
|
||||
Values: []*string{aws.String(sg)},
|
||||
}
|
||||
|
||||
if vpcId != "" {
|
||||
sgFilterVPCID = &ec2.Filter{
|
||||
Name: aws.String("vpc-id"),
|
||||
Values: []*string{aws.String(vpcId)},
|
||||
}
|
||||
}
|
||||
|
||||
filters = append(filters, sgFilterName)
|
||||
|
||||
if sgFilterVPCID != nil {
|
||||
filters = append(filters, sgFilterVPCID)
|
||||
}
|
||||
|
||||
req := &ec2.DescribeSecurityGroupsInput{
|
||||
Filters: filters,
|
||||
}
|
||||
resp, err := conn.DescribeSecurityGroups(req)
|
||||
if err != nil {
|
||||
if ec2err, ok := err.(awserr.Error); ok {
|
||||
if ec2err.Code() == "InvalidSecurityGroupID.NotFound" ||
|
||||
ec2err.Code() == "InvalidGroup.NotFound" {
|
||||
resp = nil
|
||||
err = nil
|
||||
}
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
log.Printf("Error on ELB SG look up: %s", err)
|
||||
return "", err
|
||||
}
|
||||
}
|
||||
|
||||
if resp == nil || len(resp.SecurityGroups) == 0 {
|
||||
return "", fmt.Errorf("No security groups found for name %s and vpc id %s", sg, vpcId)
|
||||
}
|
||||
|
||||
group := resp.SecurityGroups[0]
|
||||
return *group.GroupId, nil
|
||||
}
|
||||
|
@ -611,6 +611,15 @@ func testAccCheckAWSELBExists(n string, res *elb.LoadBalancerDescription) resour
|
||||
|
||||
*res = *describe.LoadBalancerDescriptions[0]
|
||||
|
||||
// Confirm source_security_group_id for ELBs in a VPC
|
||||
// See https://github.com/hashicorp/terraform/pull/3780
|
||||
if res.VPCId != nil {
|
||||
sgid := rs.Primary.Attributes["source_security_group_id"]
|
||||
if sgid == "" {
|
||||
return fmt.Errorf("Expected to find source_security_group_id for ELB, but was empty")
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
@ -100,5 +100,8 @@ The following attributes are exported:
|
||||
* `instances` - The list of instances in the ELB
|
||||
* `source_security_group` - The name of the security group that you can use as
|
||||
part of your inbound rules for your load balancer's back-end application
|
||||
instances.
|
||||
instances. Use this for Classic or Default VPC only.
|
||||
* `source_security_group_id` - The ID of the security group that you can use as
|
||||
part of your inbound rules for your load balancer's back-end application
|
||||
instances. Only available on ELBs launch in a VPC.
|
||||
* `zone_id` - The canonical hosted zone ID of the ELB (to be used in a Route 53 Alias record)
|
||||
|
Loading…
Reference in New Issue
Block a user