provider/aws: fixes for Network ACL Rules
* Fixup Exists and CheckDestroy assertions * Make ingress/egress computed on network_acl, otherwise you could never use network_acl_rule with a managed network_acl without a perpetual diff.
parent
b7e87bbf16
commit
7f62a49ebd
|
@ -50,7 +50,7 @@ func resourceAwsNetworkAcl() *schema.Resource {
|
||||||
Type: schema.TypeSet,
|
Type: schema.TypeSet,
|
||||||
Required: false,
|
Required: false,
|
||||||
Optional: true,
|
Optional: true,
|
||||||
Computed: false,
|
Computed: true,
|
||||||
Elem: &schema.Resource{
|
Elem: &schema.Resource{
|
||||||
Schema: map[string]*schema.Schema{
|
Schema: map[string]*schema.Schema{
|
||||||
"from_port": &schema.Schema{
|
"from_port": &schema.Schema{
|
||||||
|
@ -93,7 +93,7 @@ func resourceAwsNetworkAcl() *schema.Resource {
|
||||||
Type: schema.TypeSet,
|
Type: schema.TypeSet,
|
||||||
Required: false,
|
Required: false,
|
||||||
Optional: true,
|
Optional: true,
|
||||||
Computed: false,
|
Computed: true,
|
||||||
Elem: &schema.Resource{
|
Elem: &schema.Resource{
|
||||||
Schema: map[string]*schema.Schema{
|
Schema: map[string]*schema.Schema{
|
||||||
"from_port": &schema.Schema{
|
"from_port": &schema.Schema{
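Review bot: With `Computed: true` on `ingress` here, and on the matching field in the hunk at -93,7, a configuration that omits the block should no longer produce a diff against whatever entries the ACL already holds. Rules added out of band, or left over from an earlier inline block, would then stay in place without showing up in a plan. That trade-off is what lets aws_network_acl_rule coexist with a managed ACL, but it is worth recording on both fields, e.g. `// Computed so aws_network_acl_rule can own entries; omitting this block leaves existing rules untouched.` The rest of resourceAwsNetworkAcl and its read/update functions are outside these hunks, so how an explicitly empty block behaves cannot be confirmed from here.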
|
||||||
|
|
|
@ -2,6 +2,7 @@ package aws
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"strconv"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/aws/aws-sdk-go/aws"
|
"github.com/aws/aws-sdk-go/aws"
|
||||||
|
@ -54,7 +55,7 @@ func testAccCheckAWSNetworkAclRuleDestroy(s *terraform.State) error {
|
||||||
if !ok {
|
if !ok {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if ec2err.Code() != "InvalidNetworkAclEntry.NotFound" {
|
if ec2err.Code() != "InvalidNetworkAclID.NotFound" {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -63,7 +64,6 @@ func testAccCheckAWSNetworkAclRuleDestroy(s *terraform.State) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func testAccCheckAWSNetworkAclRuleExists(n string, networkAcl *ec2.NetworkAcl) resource.TestCheckFunc {
|
func testAccCheckAWSNetworkAclRuleExists(n string, networkAcl *ec2.NetworkAcl) resource.TestCheckFunc {
|
||||||
|
|
||||||
return func(s *terraform.State) error {
|
return func(s *terraform.State) error {
|
||||||
conn := testAccProvider.Meta().(*AWSClient).ec2conn
|
conn := testAccProvider.Meta().(*AWSClient).ec2conn
|
||||||
rs, ok := s.RootModule().Resources[n]
|
rs, ok := s.RootModule().Resources[n]
|
||||||
|
@ -76,30 +76,30 @@ func testAccCheckAWSNetworkAclRuleExists(n string, networkAcl *ec2.NetworkAcl) r
|
||||||
}
|
}
|
||||||
|
|
||||||
req := &ec2.DescribeNetworkAclsInput{
|
req := &ec2.DescribeNetworkAclsInput{
|
||||||
NetworkAclIds: []*string{aws.String(rs.Primary.ID)},
|
NetworkAclIds: []*string{aws.String(rs.Primary.Attributes["network_acl_id"])},
|
||||||
}
|
}
|
||||||
resp, err := conn.DescribeNetworkAcls(req)
|
resp, err := conn.DescribeNetworkAcls(req)
|
||||||
if err == nil {
|
if err != nil {
|
||||||
if len(resp.NetworkAcls) > 0 && *resp.NetworkAcls[0].NetworkAclId == rs.Primary.ID {
|
|
||||||
networkAcl := resp.NetworkAcls[0]
|
|
||||||
if networkAcl.Entries == nil {
|
|
||||||
return fmt.Errorf("No Network ACL Entries exist")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
ec2err, ok := err.(awserr.Error)
|
|
||||||
if !ok {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if ec2err.Code() != "InvalidNetworkAclEntry.NotFound" {
|
if len(resp.NetworkAcls) != 1 {
|
||||||
|
return fmt.Errorf("Network ACL not found")
|
||||||
|
}
|
||||||
|
egress, err := strconv.ParseBool(rs.Primary.Attributes["egress"])
|
||||||
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
ruleNo, err := strconv.ParseInt(rs.Primary.Attributes["rule_number"], 10, 64)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
for _, e := range resp.NetworkAcls[0].Entries {
|
||||||
|
if *e.RuleNumber == ruleNo && *e.Egress == egress {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
}
|
||||||
return nil
|
return fmt.Errorf("Entry not found: %s", resp.NetworkAcls[0])
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
const testAccAWSNetworkAclRuleBasicConfig = `
|
const testAccAWSNetworkAclRuleBasicConfig = `
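Review bot: The entry loop in testAccCheckAWSNetworkAclRuleExists matches on `*e.RuleNumber == ruleNo && *e.Egress == egress` only, so the check still passes if the entry was created with the wrong action or CIDR. For an ACL rule the allow/deny outcome is the property most worth asserting; extending the condition with `&& *e.RuleAction == rs.Primary.Attributes["rule_action"]` would cover it. In the lines visible here the `networkAcl` parameter is also never written, so a caller passing a pointer gets nothing back unless a line such as `*networkAcl = *resp.NetworkAcls[0]` is added before the loop. The start of the function sits between hunks and is not fully shown.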
|
||||||
|
|