Merge pull request #2148 from hashicorp/b-aws-netacl-icmp-support

provider/aws: Add support for ICMP Protocol in Network ACLs

builtin/providers/aws/network_acl_entry.go

@@ -34,6 +34,18 @@ func expandNetworkAclEntries(configured []interface{}, entryType string) ([]*ec2
 			RuleNumber: aws.Long(int64(data["rule_no"].(int))),
 			CIDRBlock:  aws.String(data["cidr_block"].(string)),
 		}
+
+		// Specify additional required fields for ICMP
+		if p == 1 {
+			e.ICMPTypeCode = &ec2.ICMPTypeCode{}
+			if v, ok := data["icmp_code"]; ok {
+				e.ICMPTypeCode.Code = aws.Long(int64(v.(int)))
+			}
+			if v, ok := data["icmp_type"]; ok {
+				e.ICMPTypeCode.Type = aws.Long(int64(v.(int)))
+			}
+		}
+
 		entries = append(entries, e)
 	}
 	return entries, nil

builtin/providers/aws/resource_aws_network_acl.go

@@ -76,6 +76,14 @@ func resourceAwsNetworkAcl() *schema.Resource {
 							Type:     schema.TypeString,
 							Optional: true,
 						},
+						"icmp_type": &schema.Schema{
+							Type:     schema.TypeInt,
+							Optional: true,
+						},
+						"icmp_code": &schema.Schema{
+							Type:     schema.TypeInt,
+							Optional: true,
+						},
 					},
 				},
 				Set: resourceAwsNetworkAclEntryHash,
@@ -110,6 +118,14 @@ func resourceAwsNetworkAcl() *schema.Resource {
 							Type:     schema.TypeString,
 							Optional: true,
 						},
+						"icmp_type": &schema.Schema{
+							Type:     schema.TypeInt,
+							Optional: true,
+						},
+						"icmp_code": &schema.Schema{
+							Type:     schema.TypeInt,
+							Optional: true,
+						},
 					},
 				},
 				Set: resourceAwsNetworkAclEntryHash,
@@ -377,9 +393,10 @@ func updateNetworkAclEntries(d *schema.ResourceData, entryType string, conn *ec2
 			Protocol:     add.Protocol,
 			RuleAction:   add.RuleAction,
 			RuleNumber:   add.RuleNumber,
+			ICMPTypeCode: add.ICMPTypeCode,
 		})
 		if connErr != nil {
-			return fmt.Errorf("Error creating %s entry: %s", entryType, err)
+			return fmt.Errorf("Error creating %s entry: %s", entryType, connErr)
 		}
 	}
 	return nil
@@ -466,6 +483,13 @@ func resourceAwsNetworkAclEntryHash(v interface{}) int {
 		buf.WriteString(fmt.Sprintf("%s-", v.(string)))
 	}
 
+	if v, ok := m["icmp_type"]; ok {
+		buf.WriteString(fmt.Sprintf("%d-", v.(int)))
+	}
+	if v, ok := m["icmp_code"]; ok {
+		buf.WriteString(fmt.Sprintf("%d-", v.(int)))
+	}
+
 	return hashcode.String(buf.String())
 }
 
@@ -538,6 +562,11 @@ func networkAclEntriesToMapList(networkAcls []*ec2.NetworkACLEntry) []map[string
 			acl["to_port"] = *entry.PortRange.To
 		}
 
+		if entry.ICMPTypeCode != nil {
+			acl["icmp_type"] = *entry.ICMPTypeCode.Type
+			acl["icmp_code"] = *entry.ICMPTypeCode.Code
+		}
+
 		result = append(result, acl)
 	}
 

website/source/docs/providers/aws/r/network_acl.html.markdown

@@ -62,6 +62,10 @@ Both `egress` and `ingress` support the following keys:
 protocol, you must specify a from and to port of 0.
 * `cidr_block` - (Optional) The CIDR block to match. This must be a
 valid network mask.
+* `icmp_type` - (Optional) The ICMP type to be used. Default 0.
+* `icmp_code` - (Optional) The ICMP type code to be used. Default 0.
+
+~> Note: For more information on ICMP types and codes, see here: http://www.nthelp.com/icmp.html
 
 ## Attributes Reference