terraform/builtin/providers/aws/resource_aws_security_group.go

198 lines
4.6 KiB
Go
Raw Normal View History

2014-07-08 20:06:39 +02:00
package aws
import (
"fmt"
"log"
2014-07-09 01:58:31 +02:00
"github.com/hashicorp/terraform/flatmap"
"github.com/hashicorp/terraform/helper/config"
2014-07-08 20:06:39 +02:00
"github.com/hashicorp/terraform/helper/diff"
"github.com/hashicorp/terraform/terraform"
"github.com/mitchellh/goamz/ec2"
)
func resource_aws_security_group_create(
s *terraform.ResourceState,
d *terraform.ResourceDiff,
meta interface{}) (*terraform.ResourceState, error) {
p := meta.(*ResourceProvider)
ec2conn := p.ec2conn
// Merge the diff into the state so that we have all the attributes
// properly.
rs := s.MergeDiff(d)
securityGroupOpts := ec2.SecurityGroup{
Name: rs.Attributes["name"],
Description: rs.Attributes["description"],
VpcId: rs.Attributes["vpc_id"],
}
log.Printf("[DEBUG] Security Group create configuration: %#v", securityGroupOpts)
createResp, err := ec2conn.CreateSecurityGroup(securityGroupOpts)
if err != nil {
return nil, fmt.Errorf("Error creating Security Group: %s", err)
}
rs.ID = createResp.Id
group := createResp.SecurityGroup
2014-07-08 20:06:39 +02:00
log.Printf("[INFO] Security Group ID: %s", rs.ID)
ingressRules := []ec2.IPPerm{}
2014-07-08 20:06:39 +02:00
// Expand the "ingress" array to goamz compat []ec2.IPPerm
v, ok := flatmap.Expand(rs.Attributes, "ingress").([]interface{})
if ok {
ingressRules = expandIPPerms(v)
}
if len(ingressRules) > 0 {
_, err = ec2conn.AuthorizeSecurityGroup(group, ingressRules)
if err != nil {
return rs, fmt.Errorf("Error authorizing security group ingress rules: %s", err)
}
}
2014-07-08 20:06:39 +02:00
sg, err := resource_aws_security_group_retrieve(rs.ID, ec2conn)
if err != nil {
return rs, err
}
return resource_aws_security_group_update_state(rs, sg)
}
func resource_aws_security_group_update(
s *terraform.ResourceState,
d *terraform.ResourceDiff,
meta interface{}) (*terraform.ResourceState, error) {
rs := s.MergeDiff(d)
log.Printf("ResourceDiff: %s", d)
log.Printf("ResourceState: %s", s)
log.Printf("Merged: %s", rs)
return nil, fmt.Errorf("Did not update")
}
func resource_aws_security_group_destroy(
s *terraform.ResourceState,
meta interface{}) error {
p := meta.(*ResourceProvider)
ec2conn := p.ec2conn
log.Printf("[DEBUG] Security Group destroy: %v", s.ID)
_, err := ec2conn.DeleteSecurityGroup(ec2.SecurityGroup{Id: s.ID})
if err != nil {
ec2err, ok := err.(*ec2.Error)
if ok && ec2err.Code == "InvalidGroup.NotFound" {
return nil
}
}
return err
}
func resource_aws_security_group_refresh(
s *terraform.ResourceState,
meta interface{}) (*terraform.ResourceState, error) {
p := meta.(*ResourceProvider)
ec2conn := p.ec2conn
sg, err := resource_aws_security_group_retrieve(s.ID, ec2conn)
if err != nil {
return s, err
}
return resource_aws_security_group_update_state(s, sg)
}
func resource_aws_security_group_diff(
s *terraform.ResourceState,
c *terraform.ResourceConfig,
meta interface{}) (*terraform.ResourceDiff, error) {
b := &diff.ResourceBuilder{
Attrs: map[string]diff.AttrType{
"name": diff.AttrTypeCreate,
"description": diff.AttrTypeUpdate,
2014-07-08 20:06:39 +02:00
"vpc_id": diff.AttrTypeUpdate,
2014-07-09 01:58:31 +02:00
"ingress": diff.AttrTypeUpdate,
2014-07-08 20:06:39 +02:00
},
ComputedAttrs: []string{
"owner_id",
},
}
return b.Diff(s, c)
}
func resource_aws_security_group_update_state(
s *terraform.ResourceState,
sg *ec2.SecurityGroupInfo) (*terraform.ResourceState, error) {
2014-07-09 18:18:17 +02:00
s.Attributes["description"] = sg.Description
2014-07-08 20:06:39 +02:00
s.Attributes["name"] = sg.Name
s.Attributes["vpc_id"] = sg.VpcId
s.Attributes["owner_id"] = sg.OwnerId
// Flatten our sg values
toFlatten := make(map[string]interface{})
toFlatten["ingress"] = flattenIPPerms(sg.IPPerms)
for k, v := range flatmap.Flatten(toFlatten) {
s.Attributes[k] = v
}
2014-07-08 20:06:39 +02:00
return s, nil
}
// Returns a single sg by it's ID
func resource_aws_security_group_retrieve(id string, ec2conn *ec2.EC2) (*ec2.SecurityGroupInfo, error) {
sgs := []ec2.SecurityGroup{
ec2.SecurityGroup{
Id: id,
},
}
log.Printf("[DEBUG] Security Group describe configuration: %#v", sgs)
describeGroups, err := ec2conn.SecurityGroups(sgs, nil)
if err != nil {
return nil, fmt.Errorf("Error retrieving security groups: %s", err)
}
// Verify AWS returned our sg
if len(describeGroups.Groups) != 1 ||
describeGroups.Groups[0].Id != id {
if err != nil {
return nil, fmt.Errorf("Unable to find security group: %#v", describeGroups.Groups)
}
}
sg := describeGroups.Groups[0]
return &sg, nil
}
func resource_aws_security_group_validation() *config.Validator {
return &config.Validator{
Required: []string{
"name",
"ingress.*",
"ingress.*.from_port",
"ingress.*.to_port",
"ingress.*.protocol",
},
Optional: []string{
"description",
"vpc_id",
"owner_id",
},
}
}