providers/aws: can add remove individual cidr/groups in security group

Mitchell Hashimoto 2014-08-21 11:58:55 -07:00
parent 9ecfdc350e
commit 200f7c4488
2 changed files with 11 additions and 11 deletions


@ -195,17 +195,17 @@ func resourceAwsSecurityGroupUpdate(d *schema.ResourceData, meta interface{}) er
// TODO: We need to handle partial state better in the in-between
// in this update.
if len(add) > 0 {
// Authorize the new rules
_, err := ec2conn.AuthorizeSecurityGroup(group, add)
if len(remove) > 0 {
// Revoke the old rules
_, err = ec2conn.RevokeSecurityGroup(group, remove)
if err != nil {
return fmt.Errorf("Error authorizing security group ingress rules: %s", err)
}
}
if len(remove) > 0 {
// Revoke the old rules
_, err = ec2conn.RevokeSecurityGroup(group, remove)
if len(add) > 0 {
// Authorize the new rules
_, err := ec2conn.AuthorizeSecurityGroup(group, add)
if err != nil {
return fmt.Errorf("Error authorizing security group ingress rules: %s", err)
}
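Review bot: With the revoke now running first, the `return fmt.Errorf("Error authorizing security group ingress rules: %s", err)` that follows `RevokeSecurityGroup` names the wrong operation; it should read `return fmt.Errorf("Error revoking security group ingress rules: %s", err)` so an operator can tell which call failed. The new order also means a failed `AuthorizeSecurityGroup` leaves the group with the old rules already revoked and the new ones not applied, which the TODO above acknowledges but nothing records; a comment at the authorize branch such as `// NOTE: rules in "remove" are already revoked; on error the group has neither the old nor the new rules` would make that explicit. The page has lost its +/- markers, so attributing the error line to the revoke branch is read from the line order and the commit title, and the function body continues outside the hunk.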


@ -240,9 +240,9 @@ func testAccCheckAWSSecurityGroupAttributesChanged(group *ec2.SecurityGroupInfo)
},
ec2.IPPerm{
FromPort: 80,
ToPort: 1234,
ToPort: 8000,
Protocol: "tcp",
SourceIPs: []string{"10.0.0.0/8"},
SourceIPs: []string{"0.0.0.0/0", "10.0.0.0/8"},
},
}
@ -262,7 +262,7 @@ func testAccCheckAWSSecurityGroupAttributesChanged(group *ec2.SecurityGroupInfo)
p)
}
if group.IPPerms[0].ToPort == 1234 {
if group.IPPerms[0].ToPort == 8000 {
group.IPPerms[1], group.IPPerms[0] =
group.IPPerms[0], group.IPPerms[1]
}
@ -307,8 +307,8 @@ resource "aws_security_group" "web" {
ingress {
protocol = "tcp"
from_port = 80
to_port = 1234
cidr_blocks = ["10.0.0.0/8"]
to_port = 8000
cidr_blocks = ["10.0.0.0/8", "0.0.0.0/0"]
}
}
`
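Review bot: The updated fixture opens ports 80–8000 to `0.0.0.0/0`, and since this looks like an acceptance test it presumably creates that group in a real account for the length of the run. The test only needs a second CIDR to exercise the multi-entry path, so a second private range would cover it without a world-open rule, e.g. `cidr_blocks = ["10.0.0.0/8", "192.168.0.0/16"]` with `SourceIPs: []string{"10.0.0.0/8", "192.168.0.0/16"}` in the expected value. Separately, the expected `SourceIPs` order differs from the order written in the config, so the comparison (outside the visible lines) appears to depend on the order the API returns.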