provider/aws: Populate self in Security Group Rule imports (#7164)

* provider/aws: Populate self in Security Group Rule imports

* provider/aws: Add regression test for SG Rule import
This commit is contained in:
Clint 2016-06-30 15:01:38 -05:00 committed by GitHub
parent a84aa5e914
commit 2ba1b0fb01
3 changed files with 66 additions and 0 deletions

View File

@ -35,3 +35,22 @@ func TestAccAWSSecurityGroup_importBasic(t *testing.T) {
}, },
}) })
} }
func TestAccAWSSecurityGroup_importSelf(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSSecurityGroupDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccAWSSecurityGroupConfig_importSelf,
},
resource.TestStep{
ResourceName: "aws_security_group.allow_all",
ImportState: true,
ImportStateVerify: true,
},
},
})
}

View File

@ -511,11 +511,23 @@ func setFromIPPerm(d *schema.ResourceData, sg *ec2.SecurityGroup, rule *ec2.IpPe
d.Set("cidr_blocks", cb) d.Set("cidr_blocks", cb)
// 'self' is false by default. Below, we range over the group ids and set true
// if the parent sg id is found
d.Set("self", false)
if len(rule.UserIdGroupPairs) > 0 { if len(rule.UserIdGroupPairs) > 0 {
s := rule.UserIdGroupPairs[0] s := rule.UserIdGroupPairs[0]
// Check for Pair that is the same as the Security Group, to denote self.
// Otherwise, mark the group id in source_security_group_id
if isVPC { if isVPC {
if *s.GroupId == *sg.GroupId {
d.Set("self", true)
}
d.Set("source_security_group_id", *s.GroupId) d.Set("source_security_group_id", *s.GroupId)
} else { } else {
if *s.GroupName == *sg.GroupName {
d.Set("self", true)
}
d.Set("source_security_group_id", *s.GroupName) d.Set("source_security_group_id", *s.GroupName)
} }
} }

View File

@ -1594,3 +1594,38 @@ resource "aws_security_group" "nat" {
} }
} }
` `
const testAccAWSSecurityGroupConfig_importSelf = `
resource "aws_vpc" "foo" {
cidr_block = "10.1.0.0/16"
tags {
Name = "tf_sg_import_test"
}
}
resource "aws_security_group" "allow_all" {
name = "allow_all"
description = "Allow all inbound traffic"
vpc_id = "${aws_vpc.foo.id}"
}
resource "aws_security_group_rule" "allow_all" {
type = "ingress"
from_port = 0
to_port = 65535
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
security_group_id = "${aws_security_group.allow_all.id}"
}
resource "aws_security_group_rule" "allow_all-1" {
type = "ingress"
from_port = 65534
to_port = 65535
protocol = "tcp"
self = true
security_group_id = "${aws_security_group.allow_all.id}"
}
`