providers/aws: egress and ingress for sg

This commit is contained in:
Jack Pearkes 2014-07-08 16:33:59 -04:00
parent 3318fe97dc
commit 47468c32a4
3 changed files with 96 additions and 0 deletions


@ -6,6 +6,7 @@ import (
"github.com/hashicorp/terraform/helper/diff"
"github.com/hashicorp/terraform/terraform"
"github.com/hashicorp/terraform/flatmap"
"github.com/mitchellh/goamz/ec2"
)
@ -33,9 +34,32 @@ func resource_aws_security_group_create(
}
rs.ID = createResp.Id
group := createResp.SecurityGroup
log.Printf("[INFO] Security Group ID: %s", rs.ID)
// Expand the "ingress" array to goamz compat []ec2.IPPerm
v := flatmap.Expand(rs.Attributes, "ingress").([]interface{})
ingressRules := expandIPPerms(v)
// Expand the "egress" array to goamz compat []ec2.IPPerm
v = flatmap.Expand(rs.Attributes, "egress").([]interface{})
egressRules := expandIPPerms(v)
if len(egressRules) > 0 {
_, err = ec2conn.AuthorizeSecurityGroupEgress(group, egressRules)
if err != nil {
return rs, fmt.Errorf("Error authorizing security group egress rules: %s", err)
}
}
if len(egressRules) > 0 {
_, err = ec2conn.AuthorizeSecurityGroup(group, ingressRules)
if err != nil {
return rs, fmt.Errorf("Error authorizing security group ingress rules: %s", err)
}
}
sg, err := resource_aws_security_group_retrieve(rs.ID, ec2conn)
if err != nil {
return rs, err
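Review bot: The second `if len(egressRules) > 0 {`, the one guarding `AuthorizeSecurityGroup(group, ingressRules)`, tests the wrong slice, so a group configured with ingress rules and no egress rules is created without any ingress rule being authorized, while a group with egress rules and an empty ingress list issues an AuthorizeSecurityGroup call with no permissions. The guard should read `if len(ingressRules) > 0 {`. Separately, the `.([]interface{})` assertions on the two flatmap.Expand results near the top of the hunk will panic rather than return an error if Expand yields nil for a missing attribute — presumably it does when "ingress" or "egress" is not set; worth confirming and switching to the two-value form with an empty slice as the fallback. resource_aws_security_group_create starts and ends outside the hunk.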


@ -1,7 +1,9 @@
package aws
import (
"github.com/mitchellh/goamz/ec2"
"github.com/mitchellh/goamz/elb"
"log"
)
// Takes the result of flatmap.Expand for an array of listeners and
@ -27,6 +29,43 @@ func expandListeners(configured []interface{}) []elb.Listener {
return listeners
}
// Takes the result of flatmap.Expand for an array of ingress/egress
// security group rules and returns EC2 API compatible objects
func expandIPPerms(configured []interface{}) []ec2.IPPerm {
perms := make([]ec2.IPPerm, 0, len(configured))
// Loop over our configured permissions and create
// an array of goamz/ec2 compatabile objects
for _, perm := range configured {
newP := perm.(map[string]interface{})
log.Println(newP)
// Loop over the array of sg ids and built
// compatibile goamz objects
groups := expandStringList(newP["security_groups"].([]interface{}))
expandedGroups := make([]ec2.UserSecurityGroup, 0, len(groups))
for _, g := range groups {
newG := ec2.UserSecurityGroup{
Id: g,
}
expandedGroups = append(expandedGroups, newG)
}
// Create the permission objet
p := ec2.IPPerm{
Protocol: newP["protocol"].(string),
FromPort: newP["from_port"].(int),
ToPort: newP["to_port"].(int),
SourceIPs: expandStringList(newP["cidr_blocks"].([]interface{})),
SourceGroups: expandedGroups,
}
perms = append(perms, p)
}
return perms
}
// Takes the result of flatmap.Expand for an array of strings
// and returns a []string
func expandStringList(configured []interface{}) []string {
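Review bot: `log.Println(newP)` at the top of the loop in expandIPPerms dumps every rule map, including its CIDR blocks and group IDs, to the log on each call, which reads as leftover debugging output and should be dropped before merging. The single-value assertions `newP["security_groups"].([]interface{})` and `newP["cidr_blocks"].([]interface{})` panic when a rule omits either key, because a missing map key yields a nil interface and a single-value type assertion on nil panics, so a rule with only cidr_blocks or only security_groups would crash the provider; use the two-value form, e.g. `if raw, ok := newP["security_groups"].([]interface{}); ok { groups = expandStringList(raw) }`, and the same for cidr_blocks. The `protocol`, `from_port` and `to_port` assertions have the same failure mode and could return an error instead. The comment typos `compatabile`, `compatibile` and `objet` could be fixed in the same pass.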


@ -5,6 +5,7 @@ import (
"testing"
"github.com/hashicorp/terraform/flatmap"
"github.com/mitchellh/goamz/ec2"
"github.com/mitchellh/goamz/elb"
)
@ -19,9 +20,41 @@ func testConf() map[string]string {
"availability_zones.#": "2",
"availability_zones.0": "us-east-1a",
"availability_zones.1": "us-east-1b",
"egress.#": "1",
"egress.0.protocol": "icmp",
"egress.0.from_port": "1",
"egress.0.to_port": "-1",
"egress.0.cidr_blocks.#": "1",
"egress.0.cidr_blocks.0": "0.0.0.0/0",
"egress.0.security_groups.#": "1",
"egress.0.security_groups.0": "sg-11111",
}
}
func Test_expandIPPerms(t *testing.T) {
expanded := flatmap.Expand(testConf(), "egress").([]interface{})
perms := expandIPPerms(expanded)
expected := ec2.IPPerm{
Protocol: "icmp",
FromPort: 1,
ToPort: -1,
SourceIPs: []string{"0.0.0.0/0"},
SourceGroups: []ec2.UserSecurityGroup{
ec2.UserSecurityGroup{
Id: "sg-11111",
},
},
}
if !reflect.DeepEqual(perms[0], expected) {
t.Fatalf(
"Got:\n\n%#v\n\nExpected:\n\n%#v\n",
perms[0],
expected)
}
}
func Test_expandListeners(t *testing.T) {
expanded := flatmap.Expand(testConf(), "listener").([]interface{})
listeners := expandListeners(expanded)
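Review bot: `perms[0]` in Test_expandIPPerms is indexed without a length check, so a regression that makes expandIPPerms return an empty slice would surface as an index-out-of-range panic rather than a test failure; add `if len(perms) != 1 { t.Fatalf("expected 1 perm, got %d", len(perms)) }` before the DeepEqual. The fixture only exercises a rule that sets both cidr_blocks and security_groups, so the path for a rule that omits one of them — which is what drives the type assertions inside expandIPPerms — is untested; a second egress entry carrying only cidr_blocks would cover it. `reflect` is used at the DeepEqual call but does not appear in the visible import hunk, which is truncated; presumably it is imported above the shown context. Test_expandListeners continues past the end of the hunk.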