Merge pull request #1162 from hashicorp/aws-go-security-groups

provider/aws: Convert AWS Security Groups to aws-sdk-go
This commit is contained in:
Clint 2015-03-11 08:33:01 -05:00
commit 344382df2e
4 changed files with 212 additions and 254 deletions

View File

@ -7,10 +7,11 @@ import (
"sort"
"time"
"github.com/hashicorp/aws-sdk-go/aws"
"github.com/hashicorp/aws-sdk-go/gen/ec2"
"github.com/hashicorp/terraform/helper/hashcode"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/helper/schema"
"github.com/mitchellh/goamz/ec2"
)
func resourceAwsSecurityGroup() *schema.Resource {
@ -141,18 +142,18 @@ func resourceAwsSecurityGroup() *schema.Resource {
}
func resourceAwsSecurityGroupCreate(d *schema.ResourceData, meta interface{}) error {
ec2conn := meta.(*AWSClient).ec2conn
ec2conn := meta.(*AWSClient).awsEC2conn
securityGroupOpts := ec2.SecurityGroup{
Name: d.Get("name").(string),
securityGroupOpts := &ec2.CreateSecurityGroupRequest{
GroupName: aws.String(d.Get("name").(string)),
}
if v := d.Get("vpc_id"); v != nil {
securityGroupOpts.VpcId = v.(string)
securityGroupOpts.VPCID = aws.String(v.(string))
}
if v := d.Get("description"); v != nil {
securityGroupOpts.Description = v.(string)
securityGroupOpts.Description = aws.String(v.(string))
}
log.Printf(
@ -162,7 +163,7 @@ func resourceAwsSecurityGroupCreate(d *schema.ResourceData, meta interface{}) er
return fmt.Errorf("Error creating Security Group: %s", err)
}
d.SetId(createResp.Id)
d.SetId(*createResp.GroupID)
log.Printf("[INFO] Security Group ID: %s", d.Id())
@ -186,7 +187,7 @@ func resourceAwsSecurityGroupCreate(d *schema.ResourceData, meta interface{}) er
}
func resourceAwsSecurityGroupRead(d *schema.ResourceData, meta interface{}) error {
ec2conn := meta.(*AWSClient).ec2conn
ec2conn := meta.(*AWSClient).awsEC2conn
sgRaw, _, err := SGStateRefreshFunc(ec2conn, d.Id())()
if err != nil {
@ -197,24 +198,23 @@ func resourceAwsSecurityGroupRead(d *schema.ResourceData, meta interface{}) erro
return nil
}
sg := sgRaw.(*ec2.SecurityGroupInfo)
sg := sgRaw.(ec2.SecurityGroup)
ingressRules := resourceAwsSecurityGroupIPPermGather(d, sg.IPPerms)
egressRules := resourceAwsSecurityGroupIPPermGather(d, sg.IPPermsEgress)
ingressRules := resourceAwsSecurityGroupIPPermGather(d, sg.IPPermissions)
egressRules := resourceAwsSecurityGroupIPPermGather(d, sg.IPPermissionsEgress)
d.Set("description", sg.Description)
d.Set("name", sg.Name)
d.Set("vpc_id", sg.VpcId)
d.Set("owner_id", sg.OwnerId)
d.Set("name", sg.GroupName)
d.Set("vpc_id", sg.VPCID)
d.Set("owner_id", sg.OwnerID)
d.Set("ingress", ingressRules)
d.Set("egress", egressRules)
d.Set("tags", tagsToMap(sg.Tags))
d.Set("tags", tagsToMapSDK(sg.Tags))
return nil
}
func resourceAwsSecurityGroupUpdate(d *schema.ResourceData, meta interface{}) error {
ec2conn := meta.(*AWSClient).ec2conn
ec2conn := meta.(*AWSClient).awsEC2conn
sgRaw, _, err := SGStateRefreshFunc(ec2conn, d.Id())()
if err != nil {
@ -224,7 +224,8 @@ func resourceAwsSecurityGroupUpdate(d *schema.ResourceData, meta interface{}) er
d.SetId("")
return nil
}
group := sgRaw.(*ec2.SecurityGroupInfo).SecurityGroup
group := sgRaw.(ec2.SecurityGroup)
err = resourceAwsSecurityGroupUpdateRules(d, "ingress", meta, group)
if err != nil {
@ -238,7 +239,7 @@ func resourceAwsSecurityGroupUpdate(d *schema.ResourceData, meta interface{}) er
}
}
if err := setTags(ec2conn, d); err != nil {
if err := setTagsSDK(ec2conn, d); err != nil {
return err
}
@ -248,14 +249,16 @@ func resourceAwsSecurityGroupUpdate(d *schema.ResourceData, meta interface{}) er
}
func resourceAwsSecurityGroupDelete(d *schema.ResourceData, meta interface{}) error {
ec2conn := meta.(*AWSClient).ec2conn
ec2conn := meta.(*AWSClient).awsEC2conn
log.Printf("[DEBUG] Security Group destroy: %v", d.Id())
return resource.Retry(5*time.Minute, func() error {
_, err := ec2conn.DeleteSecurityGroup(ec2.SecurityGroup{Id: d.Id()})
err := ec2conn.DeleteSecurityGroup(&ec2.DeleteSecurityGroupRequest{
GroupID: aws.String(d.Id()),
})
if err != nil {
ec2err, ok := err.(*ec2.Error)
ec2err, ok := err.(aws.APIError)
if !ok {
return err
}
@ -313,34 +316,45 @@ func resourceAwsSecurityGroupRuleHash(v interface{}) int {
return hashcode.String(buf.String())
}
func resourceAwsSecurityGroupIPPermGather(d *schema.ResourceData, permissions []ec2.IPPerm) []map[string]interface{} {
func resourceAwsSecurityGroupIPPermGather(d *schema.ResourceData, permissions []ec2.IPPermission) []map[string]interface{} {
ruleMap := make(map[string]map[string]interface{})
for _, perm := range permissions {
k := fmt.Sprintf("%s-%d-%d", perm.Protocol, perm.FromPort, perm.ToPort)
var fromPort, toPort int
if v := perm.FromPort; v != nil {
fromPort = *v
}
if v := perm.ToPort; v != nil {
toPort = *v
}
k := fmt.Sprintf("%s-%d-%d", *perm.IPProtocol, fromPort, toPort)
m, ok := ruleMap[k]
if !ok {
m = make(map[string]interface{})
ruleMap[k] = m
}
m["from_port"] = perm.FromPort
m["to_port"] = perm.ToPort
m["protocol"] = perm.Protocol
m["from_port"] = fromPort
m["to_port"] = toPort
m["protocol"] = *perm.IPProtocol
if len(perm.SourceIPs) > 0 {
if len(perm.IPRanges) > 0 {
raw, ok := m["cidr_blocks"]
if !ok {
raw = make([]string, 0, len(perm.SourceIPs))
raw = make([]string, 0, len(perm.IPRanges))
}
list := raw.([]string)
list = append(list, perm.SourceIPs...)
for _, ip := range perm.IPRanges {
list = append(list, *ip.CIDRIP)
}
m["cidr_blocks"] = list
}
var groups []string
if len(perm.SourceGroups) > 0 {
groups = flattenSecurityGroups(perm.SourceGroups)
if len(perm.UserIDGroupPairs) > 0 {
groups = flattenSecurityGroupsSDK(perm.UserIDGroupPairs)
}
for i, id := range groups {
if id == d.Id() {
@ -364,7 +378,6 @@ func resourceAwsSecurityGroupIPPermGather(d *schema.ResourceData, permissions []
for _, m := range ruleMap {
rules = append(rules, m)
}
return rules
}
@ -383,6 +396,7 @@ func resourceAwsSecurityGroupUpdateRules(
os := o.(*schema.Set)
ns := n.(*schema.Set)
// TODO: re-munge this when test is updated
remove := expandIPPerms(d.Id(), os.Difference(ns).List())
add := expandIPPerms(d.Id(), ns.Difference(os).List())
@ -396,34 +410,53 @@ func resourceAwsSecurityGroupUpdateRules(
// not have service issues.
if len(remove) > 0 || len(add) > 0 {
ec2conn := meta.(*AWSClient).ec2conn
ec2conn := meta.(*AWSClient).awsEC2conn
var err error
if len(remove) > 0 {
// Revoke the old rules
revoke := ec2conn.RevokeSecurityGroup
log.Printf("[DEBUG] Revoking security group %#v %s rule: %#v",
group, ruleset, remove)
if ruleset == "egress" {
revoke = ec2conn.RevokeSecurityGroupEgress
req := &ec2.RevokeSecurityGroupEgressRequest{
GroupID: group.GroupID,
IPPermissions: remove,
}
err = ec2conn.RevokeSecurityGroupEgress(req)
} else {
req := &ec2.RevokeSecurityGroupIngressRequest{
GroupID: group.GroupID,
IPPermissions: remove,
}
err = ec2conn.RevokeSecurityGroupIngress(req)
}
log.Printf("[DEBUG] Revoking security group %s %s rule: %#v",
group, ruleset, remove)
if _, err := revoke(group, remove); err != nil {
if err != nil {
return fmt.Errorf(
"Error revoking security group %s rules: %s",
"Error authorizing security group %s rules: %s",
ruleset, err)
}
}
if len(add) > 0 {
log.Printf("[DEBUG] Authorizing security group %#v %s rule: %#v",
group, ruleset, add)
// Authorize the new rules
authorize := ec2conn.AuthorizeSecurityGroup
if ruleset == "egress" {
authorize = ec2conn.AuthorizeSecurityGroupEgress
req := &ec2.AuthorizeSecurityGroupEgressRequest{
GroupID: group.GroupID,
IPPermissions: add,
}
err = ec2conn.AuthorizeSecurityGroupEgress(req)
} else {
req := &ec2.AuthorizeSecurityGroupIngressRequest{
GroupID: group.GroupID,
IPPermissions: add,
}
err = ec2conn.AuthorizeSecurityGroupIngress(req)
}
log.Printf("[DEBUG] Authorizing security group %s %s rule: %#v",
group, ruleset, add)
if _, err := authorize(group, add); err != nil {
if err != nil {
return fmt.Errorf(
"Error authorizing security group %s rules: %s",
ruleset, err)
@ -431,7 +464,6 @@ func resourceAwsSecurityGroupUpdateRules(
}
}
}
return nil
}
@ -439,10 +471,12 @@ func resourceAwsSecurityGroupUpdateRules(
// a security group.
func SGStateRefreshFunc(conn *ec2.EC2, id string) resource.StateRefreshFunc {
return func() (interface{}, string, error) {
sgs := []ec2.SecurityGroup{ec2.SecurityGroup{Id: id}}
resp, err := conn.SecurityGroups(sgs, nil)
req := &ec2.DescribeSecurityGroupsRequest{
GroupIDs: []string{id},
}
resp, err := conn.DescribeSecurityGroups(req)
if err != nil {
if ec2err, ok := err.(*ec2.Error); ok {
if ec2err, ok := err.(aws.APIError); ok {
if ec2err.Code == "InvalidSecurityGroupID.NotFound" ||
ec2err.Code == "InvalidGroup.NotFound" {
resp = nil
@ -460,7 +494,7 @@ func SGStateRefreshFunc(conn *ec2.EC2, id string) resource.StateRefreshFunc {
return nil, "", nil
}
group := &resp.Groups[0]
group := resp.SecurityGroups[0]
return group, "exists", nil
}
}

View File

@ -2,16 +2,18 @@ package aws
import (
"fmt"
"log"
"reflect"
"testing"
"github.com/hashicorp/aws-sdk-go/aws"
"github.com/hashicorp/aws-sdk-go/gen/ec2"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
"github.com/mitchellh/goamz/ec2"
)
func TestAccAWSSecurityGroup_normal(t *testing.T) {
var group ec2.SecurityGroupInfo
var group ec2.SecurityGroup
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
@ -44,7 +46,7 @@ func TestAccAWSSecurityGroup_normal(t *testing.T) {
}
func TestAccAWSSecurityGroup_self(t *testing.T) {
var group ec2.SecurityGroupInfo
var group ec2.SecurityGroup
checkSelf := func(s *terraform.State) (err error) {
defer func() {
@ -53,7 +55,7 @@ func TestAccAWSSecurityGroup_self(t *testing.T) {
}
}()
if group.IPPerms[0].SourceGroups[0].Id != group.Id {
if *group.IPPermissions[0].UserIDGroupPairs[0].GroupID != *group.GroupID {
return fmt.Errorf("bad: %#v", group)
}
@ -89,10 +91,10 @@ func TestAccAWSSecurityGroup_self(t *testing.T) {
}
func TestAccAWSSecurityGroup_vpc(t *testing.T) {
var group ec2.SecurityGroupInfo
var group ec2.SecurityGroup
testCheck := func(*terraform.State) error {
if group.VpcId == "" {
if *group.VPCID == "" {
return fmt.Errorf("should have vpc ID")
}
@ -141,7 +143,7 @@ func TestAccAWSSecurityGroup_vpc(t *testing.T) {
}
func TestAccAWSSecurityGroup_MultiIngress(t *testing.T) {
var group ec2.SecurityGroupInfo
var group ec2.SecurityGroup
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
@ -159,7 +161,7 @@ func TestAccAWSSecurityGroup_MultiIngress(t *testing.T) {
}
func TestAccAWSSecurityGroup_Change(t *testing.T) {
var group ec2.SecurityGroupInfo
var group ec2.SecurityGroup
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
@ -184,30 +186,27 @@ func TestAccAWSSecurityGroup_Change(t *testing.T) {
}
func testAccCheckAWSSecurityGroupDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).ec2conn
conn := testAccProvider.Meta().(*AWSClient).awsEC2conn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_security_group" {
continue
}
sgs := []ec2.SecurityGroup{
ec2.SecurityGroup{
Id: rs.Primary.ID,
},
}
// Retrieve our group
resp, err := conn.SecurityGroups(sgs, nil)
req := &ec2.DescribeSecurityGroupsRequest{
GroupIDs: []string{rs.Primary.ID},
}
resp, err := conn.DescribeSecurityGroups(req)
if err == nil {
if len(resp.Groups) > 0 && resp.Groups[0].Id == rs.Primary.ID {
if len(resp.SecurityGroups) > 0 && *resp.SecurityGroups[0].GroupID == rs.Primary.ID {
return fmt.Errorf("Security Group (%s) still exists.", rs.Primary.ID)
}
return nil
}
ec2err, ok := err.(*ec2.Error)
ec2err, ok := err.(aws.APIError)
if !ok {
return err
}
@ -220,7 +219,7 @@ func testAccCheckAWSSecurityGroupDestroy(s *terraform.State) error {
return nil
}
func testAccCheckAWSSecurityGroupExists(n string, group *ec2.SecurityGroupInfo) resource.TestCheckFunc {
func testAccCheckAWSSecurityGroupExists(n string, group *ec2.SecurityGroup) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
@ -231,20 +230,19 @@ func testAccCheckAWSSecurityGroupExists(n string, group *ec2.SecurityGroupInfo)
return fmt.Errorf("No Security Group is set")
}
conn := testAccProvider.Meta().(*AWSClient).ec2conn
sgs := []ec2.SecurityGroup{
ec2.SecurityGroup{
Id: rs.Primary.ID,
},
conn := testAccProvider.Meta().(*AWSClient).awsEC2conn
req := &ec2.DescribeSecurityGroupsRequest{
GroupIDs: []string{rs.Primary.ID},
}
resp, err := conn.SecurityGroups(sgs, nil)
resp, err := conn.DescribeSecurityGroups(req)
if err != nil {
return err
}
if len(resp.Groups) > 0 && resp.Groups[0].Id == rs.Primary.ID {
if len(resp.SecurityGroups) > 0 && *resp.SecurityGroups[0].GroupID == rs.Primary.ID {
*group = resp.Groups[0]
log.Printf("\n==\n===\nfound group\n===\n==\n")
*group = resp.SecurityGroups[0]
return nil
}
@ -253,32 +251,32 @@ func testAccCheckAWSSecurityGroupExists(n string, group *ec2.SecurityGroupInfo)
}
}
func testAccCheckAWSSecurityGroupAttributes(group *ec2.SecurityGroupInfo) resource.TestCheckFunc {
func testAccCheckAWSSecurityGroupAttributes(group *ec2.SecurityGroup) resource.TestCheckFunc {
return func(s *terraform.State) error {
p := ec2.IPPerm{
FromPort: 80,
ToPort: 8000,
Protocol: "tcp",
SourceIPs: []string{"10.0.0.0/8"},
p := ec2.IPPermission{
FromPort: aws.Integer(80),
ToPort: aws.Integer(8000),
IPProtocol: aws.String("tcp"),
IPRanges: []ec2.IPRange{ec2.IPRange{aws.String("10.0.0.0/8")}},
}
if group.Name != "terraform_acceptance_test_example" {
return fmt.Errorf("Bad name: %s", group.Name)
if *group.GroupName != "terraform_acceptance_test_example" {
return fmt.Errorf("Bad name: %s", *group.GroupName)
}
if group.Description != "Used in the terraform acceptance tests" {
return fmt.Errorf("Bad description: %s", group.Description)
if *group.Description != "Used in the terraform acceptance tests" {
return fmt.Errorf("Bad description: %s", *group.Description)
}
if len(group.IPPerms) == 0 {
if len(group.IPPermissions) == 0 {
return fmt.Errorf("No IPPerms")
}
// Compare our ingress
if !reflect.DeepEqual(group.IPPerms[0], p) {
if !reflect.DeepEqual(group.IPPermissions[0], p) {
return fmt.Errorf(
"Got:\n\n%#v\n\nExpected:\n\n%#v\n",
group.IPPerms[0],
group.IPPermissions[0],
p)
}
@ -287,7 +285,7 @@ func testAccCheckAWSSecurityGroupAttributes(group *ec2.SecurityGroupInfo) resour
}
func TestAccAWSSecurityGroup_tags(t *testing.T) {
var group ec2.SecurityGroupInfo
var group ec2.SecurityGroup
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
@ -298,7 +296,7 @@ func TestAccAWSSecurityGroup_tags(t *testing.T) {
Config: testAccAWSSecurityGroupConfigTags,
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group),
testAccCheckTags(&group.Tags, "foo", "bar"),
testAccCheckTagsSDK(&group.Tags, "foo", "bar"),
),
},
@ -306,56 +304,56 @@ func TestAccAWSSecurityGroup_tags(t *testing.T) {
Config: testAccAWSSecurityGroupConfigTagsUpdate,
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group),
testAccCheckTags(&group.Tags, "foo", ""),
testAccCheckTags(&group.Tags, "bar", "baz"),
testAccCheckTagsSDK(&group.Tags, "foo", ""),
testAccCheckTagsSDK(&group.Tags, "bar", "baz"),
),
},
},
})
}
func testAccCheckAWSSecurityGroupAttributesChanged(group *ec2.SecurityGroupInfo) resource.TestCheckFunc {
func testAccCheckAWSSecurityGroupAttributesChanged(group *ec2.SecurityGroup) resource.TestCheckFunc {
return func(s *terraform.State) error {
p := []ec2.IPPerm{
ec2.IPPerm{
FromPort: 80,
ToPort: 9000,
Protocol: "tcp",
SourceIPs: []string{"10.0.0.0/8"},
p := []ec2.IPPermission{
ec2.IPPermission{
FromPort: aws.Integer(80),
ToPort: aws.Integer(9000),
IPProtocol: aws.String("tcp"),
IPRanges: []ec2.IPRange{ec2.IPRange{aws.String("10.0.0.0/8")}},
},
ec2.IPPerm{
FromPort: 80,
ToPort: 8000,
Protocol: "tcp",
SourceIPs: []string{"0.0.0.0/0", "10.0.0.0/8"},
ec2.IPPermission{
FromPort: aws.Integer(80),
ToPort: aws.Integer(8000),
IPProtocol: aws.String("tcp"),
IPRanges: []ec2.IPRange{ec2.IPRange{aws.String("0.0.0.0/0")}, ec2.IPRange{aws.String("10.0.0.0/8")}},
},
}
if group.Name != "terraform_acceptance_test_example" {
return fmt.Errorf("Bad name: %s", group.Name)
if *group.GroupName != "terraform_acceptance_test_example" {
return fmt.Errorf("Bad name: %s", *group.GroupName)
}
if group.Description != "Used in the terraform acceptance tests" {
return fmt.Errorf("Bad description: %s", group.Description)
if *group.Description != "Used in the terraform acceptance tests" {
return fmt.Errorf("Bad description: %s", *group.Description)
}
// Compare our ingress
if len(group.IPPerms) != 2 {
if len(group.IPPermissions) != 2 {
return fmt.Errorf(
"Got:\n\n%#v\n\nExpected:\n\n%#v\n",
group.IPPerms,
group.IPPermissions,
p)
}
if group.IPPerms[0].ToPort == 8000 {
group.IPPerms[1], group.IPPerms[0] =
group.IPPerms[0], group.IPPerms[1]
if *group.IPPermissions[0].ToPort == 8000 {
group.IPPermissions[1], group.IPPermissions[0] =
group.IPPermissions[0], group.IPPermissions[1]
}
if !reflect.DeepEqual(group.IPPerms, p) {
if !reflect.DeepEqual(group.IPPermissions, p) {
return fmt.Errorf(
"Got:\n\n%#v\n\nExpected:\n\n%#v\n",
group.IPPerms,
group.IPPermissions,
p)
}

View File

@ -4,6 +4,7 @@ import (
"strings"
"github.com/hashicorp/aws-sdk-go/aws"
awsEC2 "github.com/hashicorp/aws-sdk-go/gen/ec2"
"github.com/hashicorp/aws-sdk-go/gen/elb"
"github.com/hashicorp/aws-sdk-go/gen/rds"
"github.com/hashicorp/terraform/helper/schema"
@ -39,15 +40,15 @@ func expandListeners(configured []interface{}) ([]elb.Listener, error) {
// Takes the result of flatmap.Expand for an array of ingress/egress
// security group rules and returns EC2 API compatible objects
func expandIPPerms(id string, configured []interface{}) []ec2.IPPerm {
perms := make([]ec2.IPPerm, len(configured))
func expandIPPerms(id string, configured []interface{}) []awsEC2.IPPermission {
perms := make([]awsEC2.IPPermission, len(configured))
for i, mRaw := range configured {
var perm ec2.IPPerm
var perm awsEC2.IPPermission
m := mRaw.(map[string]interface{})
perm.FromPort = m["from_port"].(int)
perm.ToPort = m["to_port"].(int)
perm.Protocol = m["protocol"].(string)
perm.FromPort = aws.Integer(m["from_port"].(int))
perm.ToPort = aws.Integer(m["to_port"].(int))
perm.IPProtocol = aws.String(m["protocol"].(string))
var groups []string
if raw, ok := m["security_groups"]; ok {
@ -61,25 +62,25 @@ func expandIPPerms(id string, configured []interface{}) []ec2.IPPerm {
}
if len(groups) > 0 {
perm.SourceGroups = make([]ec2.UserSecurityGroup, len(groups))
perm.UserIDGroupPairs = make([]awsEC2.UserIDGroupPair, len(groups))
for i, name := range groups {
ownerId, id := "", name
if items := strings.Split(id, "/"); len(items) > 1 {
ownerId, id = items[0], items[1]
}
perm.SourceGroups[i] = ec2.UserSecurityGroup{
Id: id,
OwnerId: ownerId,
perm.UserIDGroupPairs[i] = awsEC2.UserIDGroupPair{
GroupID: aws.String(id),
UserID: aws.String(ownerId),
}
}
}
if raw, ok := m["cidr_blocks"]; ok {
list := raw.([]interface{})
perm.SourceIPs = make([]string, len(list))
perm.IPRanges = make([]awsEC2.IPRange, len(list))
for i, v := range list {
perm.SourceIPs[i] = v.(string)
perm.IPRanges[i] = awsEC2.IPRange{aws.String(v.(string))}
}
}
@ -111,31 +112,6 @@ func expandParameters(configured []interface{}) ([]rds.Parameter, error) {
return parameters, nil
}
// Flattens an array of ipPerms into a list of primitives that
// flatmap.Flatten() can handle
func flattenIPPerms(list []ec2.IPPerm) []map[string]interface{} {
result := make([]map[string]interface{}, 0, len(list))
for _, perm := range list {
n := make(map[string]interface{})
n["from_port"] = perm.FromPort
n["protocol"] = perm.Protocol
n["to_port"] = perm.ToPort
if len(perm.SourceIPs) > 0 {
n["cidr_blocks"] = perm.SourceIPs
}
if v := flattenSecurityGroups(perm.SourceGroups); len(v) > 0 {
n["security_groups"] = v
}
result = append(result, n)
}
return result
}
// Flattens a health check into something that flatmap.Flatten()
// can handle
func flattenHealthCheck(check *elb.HealthCheck) []map[string]interface{} {
@ -162,6 +138,15 @@ func flattenSecurityGroups(list []ec2.UserSecurityGroup) []string {
return result
}
// Flattens an array of UserSecurityGroups into a []string
func flattenSecurityGroupsSDK(list []awsEC2.UserIDGroupPair) []string {
result := make([]string, 0, len(list))
for _, g := range list {
result = append(result, *g.GroupID)
}
return result
}
// Flattens an array of Instances into a []string
func flattenInstances(list []elb.Instance) []string {
result := make([]string, 0, len(list))

View File

@ -1,16 +1,17 @@
package aws
import (
"log"
"reflect"
"testing"
"github.com/hashicorp/aws-sdk-go/aws"
awsEC2 "github.com/hashicorp/aws-sdk-go/gen/ec2"
"github.com/hashicorp/aws-sdk-go/gen/elb"
"github.com/hashicorp/aws-sdk-go/gen/rds"
"github.com/hashicorp/terraform/flatmap"
"github.com/hashicorp/terraform/helper/hashcode"
"github.com/hashicorp/terraform/helper/schema"
"github.com/mitchellh/goamz/ec2"
)
// Returns test configuration
@ -61,120 +62,60 @@ func TestExpandIPPerms(t *testing.T) {
}
perms := expandIPPerms("foo", expanded)
expected := []ec2.IPPerm{
ec2.IPPerm{
Protocol: "icmp",
FromPort: 1,
ToPort: -1,
SourceIPs: []string{"0.0.0.0/0"},
SourceGroups: []ec2.UserSecurityGroup{
ec2.UserSecurityGroup{
OwnerId: "foo",
Id: "sg-22222",
log.Printf("wtf is perms:\n%#v", perms)
expected := []awsEC2.IPPermission{
awsEC2.IPPermission{
IPProtocol: aws.String("icmp"),
FromPort: aws.Integer(1),
ToPort: aws.Integer(-1),
IPRanges: []awsEC2.IPRange{awsEC2.IPRange{aws.String("0.0.0.0/0")}},
UserIDGroupPairs: []awsEC2.UserIDGroupPair{
awsEC2.UserIDGroupPair{
UserID: aws.String("foo"),
GroupID: aws.String("sg-22222"),
},
ec2.UserSecurityGroup{
Id: "sg-11111",
awsEC2.UserIDGroupPair{
GroupID: aws.String("sg-22222"),
},
},
},
ec2.IPPerm{
Protocol: "icmp",
FromPort: 1,
ToPort: -1,
SourceGroups: []ec2.UserSecurityGroup{
ec2.UserSecurityGroup{
Id: "foo",
awsEC2.IPPermission{
IPProtocol: aws.String("icmp"),
FromPort: aws.Integer(1),
ToPort: aws.Integer(-1),
UserIDGroupPairs: []awsEC2.UserIDGroupPair{
awsEC2.UserIDGroupPair{
UserID: aws.String("foo"),
},
},
},
}
if !reflect.DeepEqual(perms, expected) {
exp := expected[0]
perm := perms[0]
if *exp.FromPort != *perm.FromPort {
t.Fatalf(
"Got:\n\n%#v\n\nExpected:\n\n%#v\n",
perms[0],
expected)
*perm.FromPort,
*exp.FromPort)
}
}
func TestFlattenIPPerms(t *testing.T) {
cases := []struct {
Input []ec2.IPPerm
Output []map[string]interface{}
}{
{
Input: []ec2.IPPerm{
ec2.IPPerm{
Protocol: "icmp",
FromPort: 1,
ToPort: -1,
SourceIPs: []string{"0.0.0.0/0"},
SourceGroups: []ec2.UserSecurityGroup{
ec2.UserSecurityGroup{
Id: "sg-11111",
},
},
},
},
Output: []map[string]interface{}{
map[string]interface{}{
"protocol": "icmp",
"from_port": 1,
"to_port": -1,
"cidr_blocks": []string{"0.0.0.0/0"},
"security_groups": []string{"sg-11111"},
},
},
},
{
Input: []ec2.IPPerm{
ec2.IPPerm{
Protocol: "icmp",
FromPort: 1,
ToPort: -1,
SourceIPs: []string{"0.0.0.0/0"},
SourceGroups: nil,
},
},
Output: []map[string]interface{}{
map[string]interface{}{
"protocol": "icmp",
"from_port": 1,
"to_port": -1,
"cidr_blocks": []string{"0.0.0.0/0"},
},
},
},
{
Input: []ec2.IPPerm{
ec2.IPPerm{
Protocol: "icmp",
FromPort: 1,
ToPort: -1,
SourceIPs: nil,
},
},
Output: []map[string]interface{}{
map[string]interface{}{
"protocol": "icmp",
"from_port": 1,
"to_port": -1,
},
},
},
if *exp.IPRanges[0].CIDRIP != *perm.IPRanges[0].CIDRIP {
t.Fatalf(
"Got:\n\n%#v\n\nExpected:\n\n%#v\n",
*perm.IPRanges[0].CIDRIP,
*exp.IPRanges[0].CIDRIP)
}
for _, tc := range cases {
output := flattenIPPerms(tc.Input)
if !reflect.DeepEqual(output, tc.Output) {
t.Fatalf("Input:\n\n%#v\n\nOutput:\n\n%#v", tc.Input, output)
}
if *exp.UserIDGroupPairs[0].UserID != *perm.UserIDGroupPairs[0].UserID {
t.Fatalf(
"Got:\n\n%#v\n\nExpected:\n\n%#v\n",
*perm.UserIDGroupPairs[0].UserID,
*exp.UserIDGroupPairs[0].UserID)
}
}
func TestExpandListeners(t *testing.T) {