provider/aws: Populate self in Security Group Rule imports (#7164)

* provider/aws: Populate self in Security Group Rule imports * provider/aws: Add regression test for SG Rule import
2016-06-30 15:01:38 -05:00 · 2016-06-30 15:01:38 -05:00 · 2ba1b0fb01
parent a84aa5e914
commit 2ba1b0fb01
3 changed files with 66 additions and 0 deletions
--- a/builtin/providers/aws/import_aws_security_group_test.go
+++ b/builtin/providers/aws/import_aws_security_group_test.go
@ -35,3 +35,22 @@ func TestAccAWSSecurityGroup_importBasic(t *testing.T) {
 		},
 	})
 }
+
+func TestAccAWSSecurityGroup_importSelf(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSSecurityGroupDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSSecurityGroupConfig_importSelf,
+			},
+
+			resource.TestStep{
+				ResourceName:      "aws_security_group.allow_all",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
--- a/builtin/providers/aws/resource_aws_security_group_rule.go
+++ b/builtin/providers/aws/resource_aws_security_group_rule.go
@ -511,11 +511,23 @@ func setFromIPPerm(d *schema.ResourceData, sg *ec2.SecurityGroup, rule *ec2.IpPe

 	d.Set("cidr_blocks", cb)

+	// 'self' is false by default. Below, we range over the group ids and set true
+	// if the parent sg id is found
+	d.Set("self", false)
 	if len(rule.UserIdGroupPairs) > 0 {
 		s := rule.UserIdGroupPairs[0]
+
+		// Check for Pair that is the same as the Security Group, to denote self.
+		// Otherwise, mark the group id in source_security_group_id
 		if isVPC {
+			if *s.GroupId == *sg.GroupId {
+				d.Set("self", true)
+			}
 			d.Set("source_security_group_id", *s.GroupId)
 		} else {
+			if *s.GroupName == *sg.GroupName {
+				d.Set("self", true)
+			}
 			d.Set("source_security_group_id", *s.GroupName)
 		}
 	}
--- a/builtin/providers/aws/resource_aws_security_group_test.go
+++ b/builtin/providers/aws/resource_aws_security_group_test.go
@ -1594,3 +1594,38 @@ resource "aws_security_group" "nat" {
  }
 }
 `
+const testAccAWSSecurityGroupConfig_importSelf = `
+resource "aws_vpc" "foo" {
+  cidr_block = "10.1.0.0/16"
+
+  tags {
+    Name = "tf_sg_import_test"
+  }
+}
+
+resource "aws_security_group" "allow_all" {
+  name        = "allow_all"
+  description = "Allow all inbound traffic"
+  vpc_id      = "${aws_vpc.foo.id}"
+}
+
+resource "aws_security_group_rule" "allow_all" {
+  type        = "ingress"
+  from_port   = 0
+  to_port     = 65535
+  protocol    = "tcp"
+  cidr_blocks = ["0.0.0.0/0"]
+
+  security_group_id = "${aws_security_group.allow_all.id}"
+}
+
+resource "aws_security_group_rule" "allow_all-1" {
+  type      = "ingress"
+  from_port = 65534
+  to_port   = 65535
+  protocol  = "tcp"
+
+  self              = true
+  security_group_id = "${aws_security_group.allow_all.id}"
+}
+`