ResiLien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix icmp_type and icmp_code in aws_network_acl_rule. 

The ICMP type 0 (Echo Reply) was not handled correctly. This commit changes the
type of attributes "icmp_type" and "icmp_code" from TypeInt to TypeString,
allowing for the string value to be manually converted into an integer. This
enables an integer values such as -1, 0, 8, etc., coming from the resource
definition in the template to be handled correctly.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This commit is contained in:
Krzysztof Wilczynski 2016-07-16 03:28:09 +09:00
parent 31297f1c9b
commit 81003fa6b1
No known key found for this signature in database
GPG Key ID: B89F6447B63419A6
2 changed files with 28 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
builtin/providers/aws/resource_aws_network_acl_rule.go
View File

@ -63,12 +63,12 @@ func resourceAwsNetworkAclRule() *schema.Resource {
ForceNew: true, ForceNew: true,
}, },
"icmp_type": &schema.Schema{ "icmp_type": &schema.Schema{
Type: schema.TypeInt, Type: schema.TypeString,
Optional: true, Optional: true,
ForceNew: true, ForceNew: true,
}, },
"icmp_code": &schema.Schema{ "icmp_code": &schema.Schema{
Type: schema.TypeInt, Type: schema.TypeString,
Optional: true, Optional: true,
ForceNew: true, ForceNew: true,
}, },
@ -103,14 +103,25 @@ func resourceAwsNetworkAclRuleCreate(d *schema.ResourceData, meta interface{}) e
}, },
} }
// Specify additional required fields for ICMP // Specify additional required fields for ICMP. For the list
// of ICMP codes and types, see: http://www.nthelp.com/icmp.html
if p == 1 { if p == 1 {
params.IcmpTypeCode = &ec2.IcmpTypeCode{} params.IcmpTypeCode = &ec2.IcmpTypeCode{}
if v, ok := d.GetOk("icmp_code"); ok { if v, ok := d.GetOk("icmp_code"); ok {
params.IcmpTypeCode.Code = aws.Int64(int64(v.(int))) icmpCode, err := strconv.Atoi(v.(string))
if err != nil {
return fmt.Errorf("Unable to parse ICMP code %s for rule %#v", v, d.Get("rule_number").(int))
}
params.IcmpTypeCode.Code = aws.Int64(int64(icmpCode))
log.Printf("[DEBUG] Transformed ICMP code %s into %d", v, icmpCode)
} }
if v, ok := d.GetOk("icmp_type"); ok { if v, ok := d.GetOk("icmp_type"); ok {
params.IcmpTypeCode.Type = aws.Int64(int64(v.(int))) icmpType, err := strconv.Atoi(v.(string))
if err != nil {
return fmt.Errorf("Unable to parse ICMP type %s for rule %#v", v, d.Get("rule_number").(int))
}
params.IcmpTypeCode.Type = aws.Int64(int64(icmpType))
log.Printf("[DEBUG] Transformed ICMP type %s into %d", v, icmpType)
} }
} }

14
builtin/providers/aws/resource_aws_network_acl_rule_test.go
View File

@ -23,7 +23,8 @@ func TestAccAWSNetworkAclRule_basic(t *testing.T) {
resource.TestStep{ resource.TestStep{
Config: testAccAWSNetworkAclRuleBasicConfig, Config: testAccAWSNetworkAclRuleBasicConfig,
Check: resource.ComposeTestCheckFunc( Check: resource.ComposeTestCheckFunc(
testAccCheckAWSNetworkAclRuleExists("aws_network_acl_rule.bar", &networkAcl), testAccCheckAWSNetworkAclRuleExists("aws_network_acl_rule.baz", &networkAcl),
testAccCheckAWSNetworkAclRuleExists("aws_network_acl_rule.quux", &networkAcl),
), ),
}, },
}, },
@ -112,7 +113,7 @@ resource "aws_vpc" "foo" {
resource "aws_network_acl" "bar" { resource "aws_network_acl" "bar" {
vpc_id = "${aws_vpc.foo.id}" vpc_id = "${aws_vpc.foo.id}"
} }
resource "aws_network_acl_rule" "bar" { resource "aws_network_acl_rule" "baz" {
network_acl_id = "${aws_network_acl.bar.id}" network_acl_id = "${aws_network_acl.bar.id}"
rule_number = 200 rule_number = 200
egress = false egress = false
@ -122,4 +123,13 @@ resource "aws_network_acl_rule" "bar" {
from_port = 22 from_port = 22
to_port = 22 to_port = 22
} }
resource "aws_network_acl_rule" "quux" {
network_acl_id = "${aws_network_acl.bar.id}"
rule_number = 300
protocol = "icmp"
rule_action = "allow"
cidr_block = "0.0.0.0/0"
icmp_type = 0
icmp_code = -1
}
` `