provider/aws: fixes for Network ACL Rules

* Fixup Exists and CheckDestroy assertions
 * Make ingress/egress computed on network_acl, otherwise you could
   never use network_acl_rule with a managed network_acl without a
   perpetual diff.
Paul Hinze 2015-12-22 09:58:22 -06:00
parent b7e87bbf16
commit 7f62a49ebd
2 changed files with 23 additions and 23 deletions


@ -50,7 +50,7 @@ func resourceAwsNetworkAcl() *schema.Resource {
Type: schema.TypeSet, Type: schema.TypeSet,
Required: false, Required: false,
Optional: true, Optional: true,
Computed: false, Computed: true,
Elem: &schema.Resource{ Elem: &schema.Resource{
Schema: map[string]*schema.Schema{ Schema: map[string]*schema.Schema{
"from_port": &schema.Schema{ "from_port": &schema.Schema{
@ -93,7 +93,7 @@ func resourceAwsNetworkAcl() *schema.Resource {
Type: schema.TypeSet, Type: schema.TypeSet,
Required: false, Required: false,
Optional: true, Optional: true,
Computed: false, Computed: true,
Elem: &schema.Resource{ Elem: &schema.Resource{
Schema: map[string]*schema.Schema{ Schema: map[string]*schema.Schema{
"from_port": &schema.Schema{ "from_port": &schema.Schema{
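Review bot: With `Computed: true` on both the `ingress` and `egress` sets, a configuration that omits those blocks will presumably adopt whatever entries already exist on the ACL instead of planning their removal, so rules added out of band no longer show up as a diff. That trade-off deserves a comment next to each field, for example `// Computed so network_acl_rule can manage entries on this ACL; omitted inline rules are not reconciled`. The resource documentation should probably also state that inline `ingress`/`egress` blocks and separate rule resources are not meant to be combined on one ACL. The schema map continues outside both hunks.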


@ -2,6 +2,7 @@ package aws
import ( import (
"fmt" "fmt"
"strconv"
"testing" "testing"
"github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws"
@ -54,7 +55,7 @@ func testAccCheckAWSNetworkAclRuleDestroy(s *terraform.State) error {
if !ok { if !ok {
return err return err
} }
if ec2err.Code() != "InvalidNetworkAclEntry.NotFound" { if ec2err.Code() != "InvalidNetworkAclID.NotFound" {
return err return err
} }
} }
@ -63,7 +64,6 @@ func testAccCheckAWSNetworkAclRuleDestroy(s *terraform.State) error {
} }
func testAccCheckAWSNetworkAclRuleExists(n string, networkAcl *ec2.NetworkAcl) resource.TestCheckFunc { func testAccCheckAWSNetworkAclRuleExists(n string, networkAcl *ec2.NetworkAcl) resource.TestCheckFunc {
return func(s *terraform.State) error { return func(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).ec2conn conn := testAccProvider.Meta().(*AWSClient).ec2conn
rs, ok := s.RootModule().Resources[n] rs, ok := s.RootModule().Resources[n]
@ -76,30 +76,30 @@ func testAccCheckAWSNetworkAclRuleExists(n string, networkAcl *ec2.NetworkAcl) r
} }
req := &ec2.DescribeNetworkAclsInput{ req := &ec2.DescribeNetworkAclsInput{
NetworkAclIds: []*string{aws.String(rs.Primary.ID)}, NetworkAclIds: []*string{aws.String(rs.Primary.Attributes["network_acl_id"])},
} }
resp, err := conn.DescribeNetworkAcls(req) resp, err := conn.DescribeNetworkAcls(req)
if err == nil { if err != nil {
if len(resp.NetworkAcls) > 0 && *resp.NetworkAcls[0].NetworkAclId == rs.Primary.ID { return err
networkAcl := resp.NetworkAcls[0] }
if networkAcl.Entries == nil { if len(resp.NetworkAcls) != 1 {
return fmt.Errorf("No Network ACL Entries exist") return fmt.Errorf("Network ACL not found")
} }
egress, err := strconv.ParseBool(rs.Primary.Attributes["egress"])
if err != nil {
return err
}
ruleNo, err := strconv.ParseInt(rs.Primary.Attributes["rule_number"], 10, 64)
if err != nil {
return err
}
for _, e := range resp.NetworkAcls[0].Entries {
if *e.RuleNumber == ruleNo && *e.Egress == egress {
return nil
} }
} }
return fmt.Errorf("Entry not found: %s", resp.NetworkAcls[0])
ec2err, ok := err.(awserr.Error)
if !ok {
return err
}
if ec2err.Code() != "InvalidNetworkAclEntry.NotFound" {
return err
}
return nil
} }
return nil
} }
const testAccAWSNetworkAclRuleBasicConfig = ` const testAccAWSNetworkAclRuleBasicConfig = `
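Review bot: The `networkAcl *ec2.NetworkAcl` argument of testAccCheckAWSNetworkAclRuleExists is never written on the new side, so a caller that passes a pointer gets nothing back and later checks cannot assert on the entry that was found. Either drop the parameter or fill it before the success return inside the loop with `*networkAcl = *resp.NetworkAcls[0]`. The loop also matches on rule number and egress only, so a rule created with the wrong action or CIDR would still pass; comparing `e.RuleAction` and `e.CidrBlock` with the corresponding state attributes would close that gap. The start of the function lies in the previous hunk.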