provider/aws: Populate self in Security Group Rule imports (#7164)
* provider/aws: Populate self in Security Group Rule imports * provider/aws: Add regression test for SG Rule import
This commit is contained in:
Clint
GitHub
parent
a84aa5e914
commit
2ba1b0fb01
|
|
@ -35,3 +35,22 @@ func TestAccAWSSecurityGroup_importBasic(t *testing.T) {
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestAccAWSSecurityGroup_importSelf(t *testing.T) {
|
||||||
|
resource.Test(t, resource.TestCase{
|
||||||
|
PreCheck: func() { testAccPreCheck(t) },
|
||||||
|
Providers: testAccProviders,
|
||||||
|
CheckDestroy: testAccCheckAWSSecurityGroupDestroy,
|
||||||
|
Steps: []resource.TestStep{
|
||||||
|
resource.TestStep{
|
||||||
|
Config: testAccAWSSecurityGroupConfig_importSelf,
|
||||||
|
},
|
||||||
|
|
||||||
|
resource.TestStep{
|
||||||
|
ResourceName: "aws_security_group.allow_all",
|
||||||
|
ImportState: true,
|
||||||
|
ImportStateVerify: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -511,11 +511,23 @@ func setFromIPPerm(d *schema.ResourceData, sg *ec2.SecurityGroup, rule *ec2.IpPe
|
||||||
|
|
||||||
d.Set("cidr_blocks", cb)
|
d.Set("cidr_blocks", cb)
|
||||||
|
|
||||||
|
// 'self' is false by default. Below, we range over the group ids and set true
|
||||||
|
// if the parent sg id is found
|
||||||
|
d.Set("self", false)
|
||||||
if len(rule.UserIdGroupPairs) > 0 {
|
if len(rule.UserIdGroupPairs) > 0 {
|
||||||
s := rule.UserIdGroupPairs[0]
|
s := rule.UserIdGroupPairs[0]
|
||||||
|
|
||||||
|
// Check for Pair that is the same as the Security Group, to denote self.
|
||||||
|
// Otherwise, mark the group id in source_security_group_id
|
||||||
if isVPC {
|
if isVPC {
|
||||||
|
if *s.GroupId == *sg.GroupId {
|
||||||
|
d.Set("self", true)
|
||||||
|
}
|
||||||
d.Set("source_security_group_id", *s.GroupId)
|
d.Set("source_security_group_id", *s.GroupId)
|
||||||
} else {
|
} else {
|
||||||
|
if *s.GroupName == *sg.GroupName {
|
||||||
|
d.Set("self", true)
|
||||||
|
}
|
||||||
d.Set("source_security_group_id", *s.GroupName)
|
d.Set("source_security_group_id", *s.GroupName)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1594,3 +1594,38 @@ resource "aws_security_group" "nat" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
`
|
`
|
||||||
|
const testAccAWSSecurityGroupConfig_importSelf = `
|
||||||
|
resource "aws_vpc" "foo" {
|
||||||
|
cidr_block = "10.1.0.0/16"
|
||||||
|
|
||||||
|
tags {
|
||||||
|
Name = "tf_sg_import_test"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_security_group" "allow_all" {
|
||||||
|
name = "allow_all"
|
||||||
|
description = "Allow all inbound traffic"
|
||||||
|
vpc_id = "${aws_vpc.foo.id}"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_security_group_rule" "allow_all" {
|
||||||
|
type = "ingress"
|
||||||
|
from_port = 0
|
||||||
|
to_port = 65535
|
||||||
|
protocol = "tcp"
|
||||||
|
cidr_blocks = ["0.0.0.0/0"]
|
||||||
|
|
||||||
|
security_group_id = "${aws_security_group.allow_all.id}"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_security_group_rule" "allow_all-1" {
|
||||||
|
type = "ingress"
|
||||||
|
from_port = 65534
|
||||||
|
to_port = 65535
|
||||||
|
protocol = "tcp"
|
||||||
|
|
||||||
|
self = true
|
||||||
|
security_group_id = "${aws_security_group.allow_all.id}"
|
||||||
|
}
|
||||||
|
`
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue