provider/aws: Allow `aws_redshift_security_group` ingress rules to

change
stack72 2016-03-30 20:13:28 -05:00
parent 980f165bf7
commit 03baf3e5a5
2 changed files with 327 additions and 1 deletions


@ -20,6 +20,7 @@ func resourceAwsRedshiftSecurityGroup() *schema.Resource {
return &schema.Resource{ return &schema.Resource{
Create: resourceAwsRedshiftSecurityGroupCreate, Create: resourceAwsRedshiftSecurityGroupCreate,
Read: resourceAwsRedshiftSecurityGroupRead, Read: resourceAwsRedshiftSecurityGroupRead,
Update: resourceAwsRedshiftSecurityGroupUpdate,
Delete: resourceAwsRedshiftSecurityGroupDelete, Delete: resourceAwsRedshiftSecurityGroupDelete,
Schema: map[string]*schema.Schema{ Schema: map[string]*schema.Schema{
@ -39,7 +40,6 @@ func resourceAwsRedshiftSecurityGroup() *schema.Resource {
"ingress": &schema.Schema{ "ingress": &schema.Schema{
Type: schema.TypeSet, Type: schema.TypeSet,
Required: true, Required: true,
ForceNew: true,
Elem: &schema.Resource{ Elem: &schema.Resource{
Schema: map[string]*schema.Schema{ Schema: map[string]*schema.Schema{
"cidr": &schema.Schema{ "cidr": &schema.Schema{
@ -150,6 +150,55 @@ func resourceAwsRedshiftSecurityGroupRead(d *schema.ResourceData, meta interface
return nil return nil
} }
func resourceAwsRedshiftSecurityGroupUpdate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).redshiftconn
if d.HasChange("ingress") {
o, n := d.GetChange("ingress")
if o == nil {
o = new(schema.Set)
}
if n == nil {
n = new(schema.Set)
}
os := o.(*schema.Set)
ns := n.(*schema.Set)
removeIngressRules, err := expandRedshiftSGRevokeIngress(os.Difference(ns).List())
if err != nil {
return err
}
if len(removeIngressRules) > 0 {
for _, r := range removeIngressRules {
r.ClusterSecurityGroupName = aws.String(d.Id())
_, err := conn.RevokeClusterSecurityGroupIngress(&r)
if err != nil {
return err
}
}
}
addIngressRules, err := expandRedshiftSGAuthorizeIngress(ns.Difference(os).List())
if err != nil {
return err
}
if len(addIngressRules) > 0 {
for _, r := range addIngressRules {
r.ClusterSecurityGroupName = aws.String(d.Id())
_, err := conn.AuthorizeClusterSecurityGroupIngress(&r)
if err != nil {
return err
}
}
}
}
return resourceAwsRedshiftSecurityGroupRead(d, meta)
}
func resourceAwsRedshiftSecurityGroupDelete(d *schema.ResourceData, meta interface{}) error { func resourceAwsRedshiftSecurityGroupDelete(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).redshiftconn conn := meta.(*AWSClient).redshiftconn
@ -289,3 +338,59 @@ func resourceAwsRedshiftSecurityGroupStateRefreshFunc(
return v, "authorized", nil return v, "authorized", nil
} }
} }
func expandRedshiftSGAuthorizeIngress(configured []interface{}) ([]redshift.AuthorizeClusterSecurityGroupIngressInput, error) {
var ingress []redshift.AuthorizeClusterSecurityGroupIngressInput
// Loop over our configured parameters and create
// an array of aws-sdk-go compatabile objects
for _, pRaw := range configured {
data := pRaw.(map[string]interface{})
i := redshift.AuthorizeClusterSecurityGroupIngressInput{}
if v, ok := data["cidr"]; ok {
i.CIDRIP = aws.String(v.(string))
}
if v, ok := data["security_group_name"]; ok {
i.EC2SecurityGroupName = aws.String(v.(string))
}
if v, ok := data["security_group_owner_id"]; ok {
i.EC2SecurityGroupOwnerId = aws.String(v.(string))
}
ingress = append(ingress, i)
}
return ingress, nil
}
func expandRedshiftSGRevokeIngress(configured []interface{}) ([]redshift.RevokeClusterSecurityGroupIngressInput, error) {
var ingress []redshift.RevokeClusterSecurityGroupIngressInput
// Loop over our configured parameters and create
// an array of aws-sdk-go compatabile objects
for _, pRaw := range configured {
data := pRaw.(map[string]interface{})
i := redshift.RevokeClusterSecurityGroupIngressInput{}
if v, ok := data["cidr"]; ok {
i.CIDRIP = aws.String(v.(string))
}
if v, ok := data["security_group_name"]; ok {
i.EC2SecurityGroupName = aws.String(v.(string))
}
if v, ok := data["security_group_owner_id"]; ok {
i.EC2SecurityGroupOwnerId = aws.String(v.(string))
}
ingress = append(ingress, i)
}
return ingress, nil
}
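Review bot: resourceAwsRedshiftSecurityGroupUpdate returns on the first failed RevokeClusterSecurityGroupIngress or AuthorizeClusterSecurityGroupIngress call, after earlier rules in the same loops may already have been applied, and nothing marks the update as partial. If helper/schema persists the planned `ingress` set when Update returns an error (worth confirming for this SDK version), state could record a CIDR as revoked while it is still authorized on the cluster security group until the next refresh. I would bracket the ingress block with `d.Partial(true)` before the first call and `d.SetPartial("ingress")` then `d.Partial(false)` after both loops succeed, and add the group name to the returned errors so the failing call is identifiable. Separately, both expand helpers test only key presence (`if v, ok := data["cidr"]; ok`), so if unset attributes of a set element arrive as empty strings, an empty `CIDRIP` is sent alongside `EC2SecurityGroupName`; `ok && v.(string) != ""` would avoid that.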


@ -37,6 +37,44 @@ func TestAccAWSRedshiftSecurityGroup_ingressCidr(t *testing.T) {
}) })
} }
func TestAccAWSRedshiftSecurityGroup_updateIngressCidr(t *testing.T) {
var v redshift.ClusterSecurityGroup
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSRedshiftSecurityGroupDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccAWSRedshiftSecurityGroupConfig_ingressCidr,
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSRedshiftSecurityGroupExists("aws_redshift_security_group.bar", &v),
resource.TestCheckResourceAttr(
"aws_redshift_security_group.bar", "ingress.#", "1"),
),
},
resource.TestStep{
Config: testAccAWSRedshiftSecurityGroupConfig_ingressCidrAdd,
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSRedshiftSecurityGroupExists("aws_redshift_security_group.bar", &v),
resource.TestCheckResourceAttr(
"aws_redshift_security_group.bar", "ingress.#", "3"),
),
},
resource.TestStep{
Config: testAccAWSRedshiftSecurityGroupConfig_ingressCidrReduce,
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSRedshiftSecurityGroupExists("aws_redshift_security_group.bar", &v),
resource.TestCheckResourceAttr(
"aws_redshift_security_group.bar", "ingress.#", "2"),
),
},
},
})
}
func TestAccAWSRedshiftSecurityGroup_ingressSecurityGroup(t *testing.T) { func TestAccAWSRedshiftSecurityGroup_ingressSecurityGroup(t *testing.T) {
var v redshift.ClusterSecurityGroup var v redshift.ClusterSecurityGroup
@ -63,6 +101,44 @@ func TestAccAWSRedshiftSecurityGroup_ingressSecurityGroup(t *testing.T) {
}) })
} }
func TestAccAWSRedshiftSecurityGroup_updateIngressSecurityGroup(t *testing.T) {
var v redshift.ClusterSecurityGroup
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSRedshiftSecurityGroupDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccAWSRedshiftSecurityGroupConfig_ingressSgId,
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSRedshiftSecurityGroupExists("aws_redshift_security_group.bar", &v),
resource.TestCheckResourceAttr(
"aws_redshift_security_group.bar", "ingress.#", "1"),
),
},
resource.TestStep{
Config: testAccAWSRedshiftSecurityGroupConfig_ingressSgIdAdd,
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSRedshiftSecurityGroupExists("aws_redshift_security_group.bar", &v),
resource.TestCheckResourceAttr(
"aws_redshift_security_group.bar", "ingress.#", "3"),
),
},
resource.TestStep{
Config: testAccAWSRedshiftSecurityGroupConfig_ingressSgIdReduce,
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSRedshiftSecurityGroupExists("aws_redshift_security_group.bar", &v),
resource.TestCheckResourceAttr(
"aws_redshift_security_group.bar", "ingress.#", "2"),
),
},
},
})
}
func testAccCheckAWSRedshiftSecurityGroupExists(n string, v *redshift.ClusterSecurityGroup) resource.TestCheckFunc { func testAccCheckAWSRedshiftSecurityGroupExists(n string, v *redshift.ClusterSecurityGroup) resource.TestCheckFunc {
return func(s *terraform.State) error { return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n] rs, ok := s.RootModule().Resources[n]
@ -177,6 +253,46 @@ resource "aws_redshift_security_group" "bar" {
} }
}` }`
const testAccAWSRedshiftSecurityGroupConfig_ingressCidrAdd = `
provider "aws" {
region = "us-east-1"
}
resource "aws_redshift_security_group" "bar" {
name = "redshift-sg-terraform"
description = "this is a description"
ingress {
cidr = "10.0.0.1/24"
}
ingress {
cidr = "10.0.10.1/24"
}
ingress {
cidr = "10.0.20.1/24"
}
}`
const testAccAWSRedshiftSecurityGroupConfig_ingressCidrReduce = `
provider "aws" {
region = "us-east-1"
}
resource "aws_redshift_security_group" "bar" {
name = "redshift-sg-terraform"
description = "this is a description"
ingress {
cidr = "10.0.0.1/24"
}
ingress {
cidr = "10.0.10.1/24"
}
}`
const testAccAWSRedshiftSecurityGroupConfig_ingressSgId = ` const testAccAWSRedshiftSecurityGroupConfig_ingressSgId = `
provider "aws" { provider "aws" {
region = "us-east-1" region = "us-east-1"
@ -203,3 +319,108 @@ resource "aws_redshift_security_group" "bar" {
security_group_owner_id = "${aws_security_group.redshift.owner_id}" security_group_owner_id = "${aws_security_group.redshift.owner_id}"
} }
}` }`
const testAccAWSRedshiftSecurityGroupConfig_ingressSgIdAdd = `
provider "aws" {
region = "us-east-1"
}
resource "aws_security_group" "redshift" {
name = "terraform_redshift_acceptance_test"
description = "Used in the redshift acceptance tests"
ingress {
protocol = "tcp"
from_port = 22
to_port = 22
cidr_blocks = ["10.0.0.0/8"]
}
}
resource "aws_security_group" "redshift2" {
name = "terraform_redshift_acceptance_test_2"
description = "Used in the redshift acceptance tests #2"
ingress {
protocol = "tcp"
from_port = 22
to_port = 22
cidr_blocks = ["10.0.10.0/8"]
}
}
resource "aws_security_group" "redshift3" {
name = "terraform_redshift_acceptance_test_3"
description = "Used in the redshift acceptance tests #3"
ingress {
protocol = "tcp"
from_port = 22
to_port = 22
cidr_blocks = ["10.0.20.0/8"]
}
}
resource "aws_redshift_security_group" "bar" {
name = "redshift-sg-terraform"
description = "this is a description"
ingress {
security_group_name = "${aws_security_group.redshift.name}"
security_group_owner_id = "${aws_security_group.redshift.owner_id}"
}
ingress {
security_group_name = "${aws_security_group.redshift2.name}"
security_group_owner_id = "${aws_security_group.redshift.owner_id}"
}
ingress {
security_group_name = "${aws_security_group.redshift3.name}"
security_group_owner_id = "${aws_security_group.redshift.owner_id}"
}
}`
const testAccAWSRedshiftSecurityGroupConfig_ingressSgIdReduce = `
provider "aws" {
region = "us-east-1"
}
resource "aws_security_group" "redshift" {
name = "terraform_redshift_acceptance_test"
description = "Used in the redshift acceptance tests"
ingress {
protocol = "tcp"
from_port = 22
to_port = 22
cidr_blocks = ["10.0.0.0/8"]
}
}
resource "aws_security_group" "redshift2" {
name = "terraform_redshift_acceptance_test_2"
description = "Used in the redshift acceptance tests #2"
ingress {
protocol = "tcp"
from_port = 22
to_port = 22
cidr_blocks = ["10.0.10.0/8"]
}
}
resource "aws_redshift_security_group" "bar" {
name = "redshift-sg-terraform"
description = "this is a description"
ingress {
security_group_name = "${aws_security_group.redshift.name}"
security_group_owner_id = "${aws_security_group.redshift.owner_id}"
}
ingress {
security_group_name = "${aws_security_group.redshift2.name}"
security_group_owner_id = "${aws_security_group.redshift.owner_id}"
}
}`
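Review bot: The new update tests assert only the `ingress.#` count in each step, so the Reduce steps never check directly that the dropped rule was revoked on the AWS side; the `v` filled in by testAccCheckAWSRedshiftSecurityGroupExists is not inspected. For a change whose purpose is to revoke access in place, I would add a check against the API object in the `_ingressCidrReduce` step, and an equivalent one over `v.EC2SecurityGroups` for the security-group variant. The expected string must match what the API returns, which may differ from the config because the test CIDRs such as `10.0.20.1/24` have host bits set. The sketch below assumes `fmt` is already imported in the test file.

```go
// Fails the step if cidr is still present on the group read back from the API.
func testAccCheckAWSRedshiftSecurityGroupCidrAbsent(v *redshift.ClusterSecurityGroup, cidr string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		for _, r := range v.IPRanges {
			if r.CIDRIP != nil && *r.CIDRIP == cidr {
				return fmt.Errorf("CIDR %s is still authorized after the update", cidr)
			}
		}
		return nil
	}
}
```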