From 47468c32a43251f9cd9d9919b00a37aba666e102 Mon Sep 17 00:00:00 2001 From: Jack Pearkes Date: Tue, 8 Jul 2014 16:33:59 -0400 Subject: [PATCH] providers/aws: egress and ingress for sg --- .../aws/resource_aws_security_group.go | 24 ++++++++++++ builtin/providers/aws/structure.go | 39 +++++++++++++++++++ builtin/providers/aws/structure_test.go | 33 ++++++++++++++++ 3 files changed, 96 insertions(+) diff --git a/builtin/providers/aws/resource_aws_security_group.go b/builtin/providers/aws/resource_aws_security_group.go index ab0b2840c..c080c32e5 100644 --- a/builtin/providers/aws/resource_aws_security_group.go +++ b/builtin/providers/aws/resource_aws_security_group.go @@ -6,6 +6,7 @@ import ( "github.com/hashicorp/terraform/helper/diff" "github.com/hashicorp/terraform/terraform" + "github.com/hashicorp/terraform/flatmap" "github.com/mitchellh/goamz/ec2" ) @@ -33,9 +34,32 @@ func resource_aws_security_group_create( } rs.ID = createResp.Id + group := createResp.SecurityGroup log.Printf("[INFO] Security Group ID: %s", rs.ID) + // Expand the "ingress" array to goamz compat []ec2.IPPerm + v := flatmap.Expand(rs.Attributes, "ingress").([]interface{}) + ingressRules := expandIPPerms(v) + + // Expand the "egress" array to goamz compat []ec2.IPPerm + v = flatmap.Expand(rs.Attributes, "egress").([]interface{}) + egressRules := expandIPPerms(v) + + if len(egressRules) > 0 { + _, err = ec2conn.AuthorizeSecurityGroupEgress(group, egressRules) + if err != nil { + return rs, fmt.Errorf("Error authorizing security group egress rules: %s", err) + } + } + + if len(egressRules) > 0 { + _, err = ec2conn.AuthorizeSecurityGroup(group, ingressRules) + if err != nil { + return rs, fmt.Errorf("Error authorizing security group ingress rules: %s", err) + } + } + sg, err := resource_aws_security_group_retrieve(rs.ID, ec2conn) if err != nil { return rs, err diff --git a/builtin/providers/aws/structure.go b/builtin/providers/aws/structure.go index 0f2b4800a..b165b86f7 100644 
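Review bot: The second guard in resource_aws_security_group_create tests `len(egressRules) > 0` but authorizes `ingressRules`, so configured ingress rules are silently skipped whenever no egress block is present, and AuthorizeSecurityGroup is called with an empty slice whenever one is; the condition should read `if len(ingressRules) > 0 {`. The `.([]interface{})` assertions on the two flatmap.Expand results are unchecked, so a configuration that omits either block would presumably panic the provider instead of returning an error — the two-value form with a nil check is safer, subject to confirming what Expand returns for an absent key. As far as I know AWS attaches an allow-all egress rule to a newly created VPC group, and nothing in this hunk revokes it, so the configured egress rules are additive and the resulting group is more permissive than the configuration states; that deserves at least a comment at the egress call. resource_aws_security_group_create begins and ends outside the hunk.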
--- a/builtin/providers/aws/structure.go +++ b/builtin/providers/aws/structure.go @@ -1,7 +1,9 @@ package aws import ( + "github.com/mitchellh/goamz/ec2" "github.com/mitchellh/goamz/elb" + "log" ) // Takes the result of flatmap.Expand for an array of listeners and @@ -27,6 +29,43 @@ func expandListeners(configured []interface{}) []elb.Listener { return listeners } +// Takes the result of flatmap.Expand for an array of ingress/egress +// security group rules and returns EC2 API compatible objects +func expandIPPerms(configured []interface{}) []ec2.IPPerm { + perms := make([]ec2.IPPerm, 0, len(configured)) + + // Loop over our configured permissions and create + // an array of goamz/ec2 compatabile objects + for _, perm := range configured { + newP := perm.(map[string]interface{}) + log.Println(newP) + + // Loop over the array of sg ids and built + // compatibile goamz objects + groups := expandStringList(newP["security_groups"].([]interface{})) + expandedGroups := make([]ec2.UserSecurityGroup, 0, len(groups)) + for _, g := range groups { + newG := ec2.UserSecurityGroup{ + Id: g, + } + expandedGroups = append(expandedGroups, newG) + } + + // Create the permission objet + p := ec2.IPPerm{ + Protocol: newP["protocol"].(string), + FromPort: newP["from_port"].(int), + ToPort: newP["to_port"].(int), + SourceIPs: expandStringList(newP["cidr_blocks"].([]interface{})), + SourceGroups: expandedGroups, + } + + perms = append(perms, p) + } + + return perms +} + // Takes the result of flatmap.Expand for an array of strings // and returns a []string func expandStringList(configured []interface{}) []string { diff --git a/builtin/providers/aws/structure_test.go b/builtin/providers/aws/structure_test.go index d534e4c24..2466af96d 100644 --- a/builtin/providers/aws/structure_test.go +++ b/builtin/providers/aws/structure_test.go @@ -5,6 +5,7 @@ import ( "testing" "github.com/hashicorp/terraform/flatmap" + "github.com/mitchellh/goamz/ec2" "github.com/mitchellh/goamz/elb" ) 
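Review bot: expandIPPerms asserts `newP["security_groups"].([]interface{})` and `newP["cidr_blocks"].([]interface{})` without the ok form, so a rule that sets only one of them (a CIDR-only rule is the common case) presumably yields a nil interface for the missing key and the assertion panics the provider instead of producing a rule with an empty list. The `.(string)` and `.(int)` assertions on protocol and the two ports are unchecked in the same way. The `log.Println(newP)` at the top of the loop body looks like leftover debugging and writes every rule to the log unconditionally; it should be removed or demoted to a `[DEBUG]`-prefixed log.Printf like the `[INFO]` line in the create function. The stdlib `"log"` import is also placed after the third-party goamz imports rather than in its own group. The loop body with the two optional lists guarded is below.
```go
	for _, perm := range configured {
		newP := perm.(map[string]interface{})

		// security_groups and cidr_blocks are optional: an absent key is a
		// nil interface, so the assertion must use the two-value form.
		var groups, cidrs []string
		if raw, ok := newP["security_groups"].([]interface{}); ok {
			groups = expandStringList(raw)
		}
		if raw, ok := newP["cidr_blocks"].([]interface{}); ok {
			cidrs = expandStringList(raw)
		}
		// … unchanged: build expandedGroups from groups …
		p := ec2.IPPerm{
			// … unchanged: Protocol, FromPort, ToPort …
			SourceIPs:    cidrs,
			SourceGroups: expandedGroups,
		}
		// … unchanged: append p to perms …
	}
```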
@@ -19,9 +20,41 @@ func testConf() map[string]string { "availability_zones.#": "2", "availability_zones.0": "us-east-1a", "availability_zones.1": "us-east-1b", + "egress.#": "1", + "egress.0.protocol": "icmp", + "egress.0.from_port": "1", + "egress.0.to_port": "-1", + "egress.0.cidr_blocks.#": "1", + "egress.0.cidr_blocks.0": "0.0.0.0/0", + "egress.0.security_groups.#": "1", + "egress.0.security_groups.0": "sg-11111", } } +func Test_expandIPPerms(t *testing.T) { + expanded := flatmap.Expand(testConf(), "egress").([]interface{}) + perms := expandIPPerms(expanded) + expected := ec2.IPPerm{ + Protocol: "icmp", + FromPort: 1, + ToPort: -1, + SourceIPs: []string{"0.0.0.0/0"}, + SourceGroups: []ec2.UserSecurityGroup{ + ec2.UserSecurityGroup{ + Id: "sg-11111", + }, + }, + } + + if !reflect.DeepEqual(perms[0], expected) { + t.Fatalf( + "Got:\n\n%#v\n\nExpected:\n\n%#v\n", + perms[0], + expected) + } + +} + func Test_expandListeners(t *testing.T) { expanded := flatmap.Expand(testConf(), "listener").([]interface{}) listeners := expandListeners(expanded)
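Review bot: Test_expandIPPerms only exercises a rule that carries both `cidr_blocks` and `security_groups`, so the path expandIPPerms takes when one of them is omitted — where the unchecked `.([]interface{})` assertion would presumably panic — is not covered; a second fixture with a CIDR-only egress rule, and one under `ingress` since the create path expands that key too, would pin it. Indexing `perms[0]` before checking the length turns an empty result into an index panic rather than a test failure; `if len(perms) != 1 { t.Fatalf("expected 1 perm, got %d", len(perms)) }` before the DeepEqual would report it properly. The element type in `SourceGroups: []ec2.UserSecurityGroup{ec2.UserSecurityGroup{...}}` is redundant inside the slice literal and `gofmt -s` would drop it.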