provider/aws: Fix crash creating rules in aws SGs
This commit uses Group Name in preference to Group ID where appropriate in the aws_security_group_rule resource. This fixes the crash reported in #5310. Fixes #5310.
parent
5444223da3
commit
3adae0216c
|
@ -149,7 +149,9 @@ information and instructions for recovery. Error message: %s`, awsErr.Message())
|
||||||
ruleType, autherr)
|
ruleType, autherr)
|
||||||
}
|
}
|
||||||
|
|
||||||
d.SetId(ipPermissionIDHash(sg_id, ruleType, perm))
|
id := ipPermissionIDHash(sg_id, ruleType, perm)
|
||||||
|
d.SetId(id)
|
||||||
|
log.Printf("[DEBUG] Security group rule ID set to %s", id)
|
||||||
|
|
||||||
return resourceAwsSecurityGroupRuleRead(d, meta)
|
return resourceAwsSecurityGroupRuleRead(d, meta)
|
||||||
}
|
}
|
||||||
|
@ -164,6 +166,8 @@ func resourceAwsSecurityGroupRuleRead(d *schema.ResourceData, meta interface{})
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
isVPC := sg.VpcId != nil && *sg.VpcId != ""
|
||||||
|
|
||||||
var rule *ec2.IpPermission
|
var rule *ec2.IpPermission
|
||||||
var rules []*ec2.IpPermission
|
var rules []*ec2.IpPermission
|
||||||
ruleType := d.Get("type").(string)
|
ruleType := d.Get("type").(string)
|
||||||
|
@ -215,9 +219,15 @@ func resourceAwsSecurityGroupRuleRead(d *schema.ResourceData, meta interface{})
|
||||||
remaining = len(p.UserIdGroupPairs)
|
remaining = len(p.UserIdGroupPairs)
|
||||||
for _, ip := range p.UserIdGroupPairs {
|
for _, ip := range p.UserIdGroupPairs {
|
||||||
for _, rip := range r.UserIdGroupPairs {
|
for _, rip := range r.UserIdGroupPairs {
|
||||||
|
if isVPC {
|
||||||
if *ip.GroupId == *rip.GroupId {
|
if *ip.GroupId == *rip.GroupId {
|
||||||
remaining--
|
remaining--
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
if *ip.GroupName == *rip.GroupName {
|
||||||
|
remaining--
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -250,7 +260,11 @@ func resourceAwsSecurityGroupRuleRead(d *schema.ResourceData, meta interface{})
|
||||||
|
|
||||||
if len(p.UserIdGroupPairs) > 0 {
|
if len(p.UserIdGroupPairs) > 0 {
|
||||||
s := p.UserIdGroupPairs[0]
|
s := p.UserIdGroupPairs[0]
|
||||||
|
if isVPC {
|
||||||
d.Set("source_security_group_id", *s.GroupId)
|
d.Set("source_security_group_id", *s.GroupId)
|
||||||
|
} else {
|
||||||
|
d.Set("source_security_group_id", *s.GroupName)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
@ -406,6 +420,7 @@ func expandIPPerm(d *schema.ResourceData, sg *ec2.SecurityGroup) (*ec2.IpPermiss
|
||||||
}
|
}
|
||||||
|
|
||||||
if v, ok := d.GetOk("self"); ok && v.(bool) {
|
if v, ok := d.GetOk("self"); ok && v.(bool) {
|
||||||
|
// if sg.GroupId != nil {
|
||||||
if sg.VpcId != nil && *sg.VpcId != "" {
|
if sg.VpcId != nil && *sg.VpcId != "" {
|
||||||
groups[*sg.GroupId] = true
|
groups[*sg.GroupId] = true
|
||||||
} else {
|
} else {
|
||||||
|
|
|
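Review bot: The new non-VPC branch in resourceAwsSecurityGroupRuleRead dereferences `*ip.GroupName` and `*rip.GroupName` (and later `*s.GroupName` in the `d.Set` call) without a nil check, so a pair that carries only a group ID could presumably panic in the same way as the crash this commit sets out to fix. A guard such as `if ip.GroupName != nil && rip.GroupName != nil && *ip.GroupName == *rip.GroupName {` keeps the comparison safe, and the existing `*ip.GroupId` comparison would benefit from the same treatment. Matching on the name alone also ignores which account owns the group, so if cross-account sources can appear in `UserIdGroupPairs` it may be worth comparing `UserId` as well, since a mismatched source group changes who the rule admits. The commented-out `// if sg.GroupId != nil {` in expandIPPerm looks like leftover debugging and could be dropped. The function bodies start and end outside the hunks shown.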
@ -343,6 +343,24 @@ func TestAccAWSSecurityGroupRule_PartialMatching_Source(t *testing.T) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestAccAWSSecurityGroupRule_Issue5310(t *testing.T) {
|
||||||
|
var group ec2.SecurityGroup
|
||||||
|
|
||||||
|
resource.Test(t, resource.TestCase{
|
||||||
|
PreCheck: func() { testAccPreCheck(t) },
|
||||||
|
Providers: testAccProviders,
|
||||||
|
CheckDestroy: testAccCheckAWSSecurityGroupRuleDestroy,
|
||||||
|
Steps: []resource.TestStep{
|
||||||
|
resource.TestStep{
|
||||||
|
Config: testAccAWSSecurityGroupRuleIssue5310,
|
||||||
|
Check: resource.ComposeTestCheckFunc(
|
||||||
|
testAccCheckAWSSecurityGroupRuleExists("aws_security_group.issue_5310", &group),
|
||||||
|
),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
func TestAccAWSSecurityGroupRule_Race(t *testing.T) {
|
func TestAccAWSSecurityGroupRule_Race(t *testing.T) {
|
||||||
var group ec2.SecurityGroup
|
var group ec2.SecurityGroup
|
||||||
|
|
||||||
|
@ -527,6 +545,26 @@ resource "aws_security_group_rule" "ingress_1" {
|
||||||
}
|
}
|
||||||
`
|
`
|
||||||
|
|
||||||
|
const testAccAWSSecurityGroupRuleIssue5310 = `
|
||||||
|
provider "aws" {
|
||||||
|
region = "us-east-1"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_security_group" "issue_5310" {
|
||||||
|
name = "terraform-test-issue_5310"
|
||||||
|
description = "SG for test of issue 5310"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_security_group_rule" "issue_5310" {
|
||||||
|
type = "ingress"
|
||||||
|
from_port = 0
|
||||||
|
to_port = 65535
|
||||||
|
protocol = "tcp"
|
||||||
|
security_group_id = "${aws_security_group.issue_5310.id}"
|
||||||
|
self = true
|
||||||
|
}
|
||||||
|
`
|
||||||
|
|
||||||
const testAccAWSSecurityGroupRuleIngressClassicConfig = `
|
const testAccAWSSecurityGroupRuleIngressClassicConfig = `
|
||||||
provider "aws" {
|
provider "aws" {
|
||||||
region = "us-east-1"
|
region = "us-east-1"
|
||||||
|
|
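Review bot: TestAccAWSSecurityGroupRule_Issue5310 only asserts that `aws_security_group.issue_5310` exists, so it would still pass if the rule were read back with the wrong source group. A check on the rule resource itself, for example `resource.TestCheckResourceAttr("aws_security_group_rule.issue_5310", "self", "true"),`, would pin the behaviour the fix targets. The config sets no `vpc_id`, so whether the non-VPC branch is exercised appears to depend on the test account still supporting EC2-Classic in us-east-1. A comment above the constant would make that explicit, e.g. `// Requires an EC2-Classic capable account; on VPC-only accounts the group lands in the default VPC.`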