ResiLien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add warning message to explain scenario of conflicting rules

This commit is contained in:
Clint Shryock 2015-06-19 11:23:59 -05:00
parent 24ee2e5d53
commit 645a5aa55b
1 changed files with 19 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
builtin/providers/aws/resource_aws_security_group_rule.go
View File

@ -94,6 +94,7 @@ func resourceAwsSecurityGroupRuleCreate(d *schema.ResourceData, meta interface{}
ruleType := d.Get("type").(string) ruleType := d.Get("type").(string)
var autherr error
switch ruleType { switch ruleType {
case "ingress": case "ingress":
log.Printf("[DEBUG] Authorizing security group %s %s rule: %s", log.Printf("[DEBUG] Authorizing security group %s %s rule: %s",
@ -109,13 +110,7 @@ func resourceAwsSecurityGroupRuleCreate(d *schema.ResourceData, meta interface{}
req.GroupName = sg.GroupName req.GroupName = sg.GroupName
} }
_, err := conn.AuthorizeSecurityGroupIngress(req) _, autherr = conn.AuthorizeSecurityGroupIngress(req)
if err != nil {
return fmt.Errorf(
"Error authorizing security group %s rules: %s",
"rules", err)
}
case "egress": case "egress":
log.Printf("[DEBUG] Authorizing security group %s %s rule: %#v", log.Printf("[DEBUG] Authorizing security group %s %s rule: %#v",
@ -126,18 +121,28 @@ func resourceAwsSecurityGroupRuleCreate(d *schema.ResourceData, meta interface{}
IPPermissions: []*ec2.IPPermission{perm}, IPPermissions: []*ec2.IPPermission{perm},
} }
_, err = conn.AuthorizeSecurityGroupEgress(req) _, autherr = conn.AuthorizeSecurityGroupEgress(req)
if err != nil {
return fmt.Errorf(
"Error authorizing security group %s rules: %s",
"rules", err)
}
default: default:
return fmt.Errorf("Security Group Rule must be type 'ingress' or type 'egress'") return fmt.Errorf("Security Group Rule must be type 'ingress' or type 'egress'")
} }
if autherr != nil {
if awsErr, ok := autherr.(awserr.Error); ok {
if awsErr.Code() == "InvalidPermission.Duplicate" {
return fmt.Errorf(`[WARN] A duplicate Security Group rule was found. This may be
a side effect of a now-fixed Terraform issue causing two security groups with
identical attributes but different source_security_group_ids to overwrite each
other in the state. See https://github.com/hashicorp/teraform/pull/2376 for more
information and instructions for recovery. Error message: %s`, awsErr.Message())
}
}
return fmt.Errorf(
"Error authorizing security group rule type %s: %s",
ruleType, autherr)
}
d.SetId(ipPermissionIDHash(ruleType, perm)) d.SetId(ipPermissionIDHash(ruleType, perm))
return resourceAwsSecurityGroupRuleRead(d, meta) return resourceAwsSecurityGroupRuleRead(d, meta)