This adds the source_dest_check attribute to the aws_network_interface resource

Defaults to true to be consistent with AWS
2015-07-15 18:42:32 +00:00 · 2015-07-15 18:42:32 +00:00 · 5554942721
parent 5a15c02cbb
commit 5554942721
3 changed files with 63 additions and 0 deletions
--- a/builtin/providers/aws/resource_aws_network_interface.go
+++ b/builtin/providers/aws/resource_aws_network_interface.go
@ -46,6 +46,12 @@ func resourceAwsNetworkInterface() *schema.Resource {
 				Set:      schema.HashString,
 			},

+			"source_dest_check": &schema.Schema{
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  true,
+			},
+
 			"attachment": &schema.Schema{
 				Type:     schema.TypeSet,
 				Optional: true,
@ -127,6 +133,7 @@ func resourceAwsNetworkInterfaceRead(d *schema.ResourceData, meta interface{}) e
 	d.Set("subnet_id", eni.SubnetID)
 	d.Set("private_ips", flattenNetworkInterfacesPrivateIPAddesses(eni.PrivateIPAddresses))
 	d.Set("security_groups", flattenGroupIdentifiers(eni.Groups))
+	d.Set("source_dest_check", eni.SourceDestCheck)

 	// Tags
 	d.Set("tags", tagsToMap(eni.TagSet))
@ -221,6 +228,18 @@ func resourceAwsNetworkInterfaceUpdate(d *schema.ResourceData, meta interface{})
 		d.SetPartial("attachment")
 	}

+	request := &ec2.ModifyNetworkInterfaceAttributeInput{
+		NetworkInterfaceID: aws.String(d.Id()),
+		SourceDestCheck:    &ec2.AttributeBooleanValue{Value: aws.Boolean(d.Get("source_dest_check").(bool))},
+	}
+
+	_, err := conn.ModifyNetworkInterfaceAttribute(request)
+	if err != nil {
+		return fmt.Errorf("Failure updating ENI: %s", err)
+	}
+
+	d.SetPartial("source_dest_check")
+
 	if d.HasChange("security_groups") {
 		request := &ec2.ModifyNetworkInterfaceAttributeInput{
 			NetworkInterfaceID: aws.String(d.Id()),
--- a/builtin/providers/aws/resource_aws_network_interface_test.go
+++ b/builtin/providers/aws/resource_aws_network_interface_test.go
@ -57,6 +57,26 @@ func TestAccAWSENI_attached(t *testing.T) {
 	})
 }

+func TestAccAWSENI_sourceDestCheck(t *testing.T) {
+	var conf ec2.NetworkInterface
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSENIDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSENIConfigWithSourceDestCheck,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSENIExists("aws_network_interface.bar", &conf),
+					resource.TestCheckResourceAttr(
+						"aws_network_interface.bar", "source_dest_check", "false"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckAWSENIExists(n string, res *ec2.NetworkInterface) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]
@ -108,6 +128,10 @@ func testAccCheckAWSENIAttributes(conf *ec2.NetworkInterface) resource.TestCheck
 			return fmt.Errorf("expected private ip to be 172.16.10.100, but was %s", *conf.PrivateIPAddress)
 		}

+		if *conf.SourceDestCheck != true {
+			return fmt.Errorf("expected source_dest_check to be true, but was %t", *conf.SourceDestCheck)
+		}
+
 		if len(conf.TagSet) == 0 {
 			return fmt.Errorf("expected tags")
 		}
@ -201,6 +225,24 @@ resource "aws_network_interface" "bar" {
 }
 `

+const testAccAWSENIConfigWithSourceDestCheck = `
+resource "aws_vpc" "foo" {
+    cidr_block = "172.16.0.0/16"
+}
+
+resource "aws_subnet" "foo" {
+    vpc_id = "${aws_vpc.foo.id}"
+    cidr_block = "172.16.10.0/24"
+    availability_zone = "us-west-2a"
+}
+
+resource "aws_network_interface" "bar" {
+    subnet_id = "${aws_subnet.foo.id}"
+		source_dest_check = false
+    private_ips = ["172.16.10.100"]
+}
+`
+
 const testAccAWSENIConfigWithAttachment = `
 resource "aws_vpc" "foo" {
    cidr_block = "172.16.0.0/16"    
--- a/website/source/docs/providers/aws/r/network_interface.markdown
+++ b/website/source/docs/providers/aws/r/network_interface.markdown
@ -32,6 +32,7 @@ The following arguments are supported:
 * `private_ips` - (Optional) List of private IPs to assign to the ENI.
 * `security_groups` - (Optional) List of security group IDs to assign to the ENI.
 * `attachment` - (Required) Block to define the attachment of the ENI. Documented below.
+* `source_dest_check` - (Optional) Whether to enable source destination checking for the ENI. Default true.
 * `tags` - (Optional) A mapping of tags to assign to the resource.

 The `attachment` block supports:
@ -47,5 +48,6 @@ The following attributes are exported:
 * `private_ips` - List of private IPs assigned to the ENI.
 * `security_groups` - List of security groups attached to the ENI.
 * `attachment` - Block defining the attachment of the ENI.
+* `source_dest_check` - Whether source destination checking is enabled
 * `tags` - Tags assigned to the ENI.