This adds the source_dest_check attribute to the aws_network_interface resource
Defaults to true to be consistent with AWS
This commit is contained in:
parent
5a15c02cbb
commit
5554942721
|
@ -46,6 +46,12 @@ func resourceAwsNetworkInterface() *schema.Resource {
|
|||
Set: schema.HashString,
|
||||
},
|
||||
|
||||
"source_dest_check": &schema.Schema{
|
||||
Type: schema.TypeBool,
|
||||
Optional: true,
|
||||
Default: true,
|
||||
},
|
||||
|
||||
"attachment": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Optional: true,
|
||||
|
@ -127,6 +133,7 @@ func resourceAwsNetworkInterfaceRead(d *schema.ResourceData, meta interface{}) e
|
|||
d.Set("subnet_id", eni.SubnetID)
|
||||
d.Set("private_ips", flattenNetworkInterfacesPrivateIPAddesses(eni.PrivateIPAddresses))
|
||||
d.Set("security_groups", flattenGroupIdentifiers(eni.Groups))
|
||||
d.Set("source_dest_check", eni.SourceDestCheck)
|
||||
|
||||
// Tags
|
||||
d.Set("tags", tagsToMap(eni.TagSet))
|
||||
|
@ -221,6 +228,18 @@ func resourceAwsNetworkInterfaceUpdate(d *schema.ResourceData, meta interface{})
|
|||
d.SetPartial("attachment")
|
||||
}
|
||||
|
||||
request := &ec2.ModifyNetworkInterfaceAttributeInput{
|
||||
NetworkInterfaceID: aws.String(d.Id()),
|
||||
SourceDestCheck: &ec2.AttributeBooleanValue{Value: aws.Boolean(d.Get("source_dest_check").(bool))},
|
||||
}
|
||||
|
||||
_, err := conn.ModifyNetworkInterfaceAttribute(request)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Failure updating ENI: %s", err)
|
||||
}
|
||||
|
||||
d.SetPartial("source_dest_check")
|
||||
|
||||
if d.HasChange("security_groups") {
|
||||
request := &ec2.ModifyNetworkInterfaceAttributeInput{
|
||||
NetworkInterfaceID: aws.String(d.Id()),
|
||||
|
|
|
@ -57,6 +57,26 @@ func TestAccAWSENI_attached(t *testing.T) {
|
|||
})
|
||||
}
|
||||
|
||||
func TestAccAWSENI_sourceDestCheck(t *testing.T) {
|
||||
var conf ec2.NetworkInterface
|
||||
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckAWSENIDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccAWSENIConfigWithSourceDestCheck,
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckAWSENIExists("aws_network_interface.bar", &conf),
|
||||
resource.TestCheckResourceAttr(
|
||||
"aws_network_interface.bar", "source_dest_check", "false"),
|
||||
),
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func testAccCheckAWSENIExists(n string, res *ec2.NetworkInterface) resource.TestCheckFunc {
|
||||
return func(s *terraform.State) error {
|
||||
rs, ok := s.RootModule().Resources[n]
|
||||
|
@ -108,6 +128,10 @@ func testAccCheckAWSENIAttributes(conf *ec2.NetworkInterface) resource.TestCheck
|
|||
return fmt.Errorf("expected private ip to be 172.16.10.100, but was %s", *conf.PrivateIPAddress)
|
||||
}
|
||||
|
||||
if *conf.SourceDestCheck != true {
|
||||
return fmt.Errorf("expected source_dest_check to be true, but was %t", *conf.SourceDestCheck)
|
||||
}
|
||||
|
||||
if len(conf.TagSet) == 0 {
|
||||
return fmt.Errorf("expected tags")
|
||||
}
|
||||
|
@ -201,6 +225,24 @@ resource "aws_network_interface" "bar" {
|
|||
}
|
||||
`
|
||||
|
||||
const testAccAWSENIConfigWithSourceDestCheck = `
|
||||
resource "aws_vpc" "foo" {
|
||||
cidr_block = "172.16.0.0/16"
|
||||
}
|
||||
|
||||
resource "aws_subnet" "foo" {
|
||||
vpc_id = "${aws_vpc.foo.id}"
|
||||
cidr_block = "172.16.10.0/24"
|
||||
availability_zone = "us-west-2a"
|
||||
}
|
||||
|
||||
resource "aws_network_interface" "bar" {
|
||||
subnet_id = "${aws_subnet.foo.id}"
|
||||
source_dest_check = false
|
||||
private_ips = ["172.16.10.100"]
|
||||
}
|
||||
`
|
||||
|
||||
const testAccAWSENIConfigWithAttachment = `
|
||||
resource "aws_vpc" "foo" {
|
||||
cidr_block = "172.16.0.0/16"
|
||||
|
|
|
@ -32,6 +32,7 @@ The following arguments are supported:
|
|||
* `private_ips` - (Optional) List of private IPs to assign to the ENI.
|
||||
* `security_groups` - (Optional) List of security group IDs to assign to the ENI.
|
||||
* `attachment` - (Required) Block to define the attachment of the ENI. Documented below.
|
||||
* `source_dest_check` - (Optional) Whether to enable source destination checking for the ENI. Default true.
|
||||
* `tags` - (Optional) A mapping of tags to assign to the resource.
|
||||
|
||||
The `attachment` block supports:
|
||||
|
@ -47,5 +48,6 @@ The following attributes are exported:
|
|||
* `private_ips` - List of private IPs assigned to the ENI.
|
||||
* `security_groups` - List of security groups attached to the ENI.
|
||||
* `attachment` - Block defining the attachment of the ENI.
|
||||
* `source_dest_check` - Whether source destination checking is enabled
|
||||
* `tags` - Tags assigned to the ENI.
|
||||
|
||||
|
|
Loading…
Reference in New Issue