providers/aws: expandIPPerms works again
This commit is contained in:
parent
33a7d32f40
commit
a594ef9a28
|
@ -3,7 +3,6 @@ package aws
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
"strings"
|
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/helper/resource"
|
"github.com/hashicorp/terraform/helper/resource"
|
||||||
|
@ -16,6 +15,7 @@ func resourceAwsSecurityGroup() *schema.Resource {
|
||||||
return &schema.Resource{
|
return &schema.Resource{
|
||||||
Create: resourceAwsSecurityGroupCreate,
|
Create: resourceAwsSecurityGroupCreate,
|
||||||
Read: resourceAwsSecurityGroupRead,
|
Read: resourceAwsSecurityGroupRead,
|
||||||
|
Update: resourceAwsSecurityGroupUpdate,
|
||||||
Delete: resourceAwsSecurityGroupDelete,
|
Delete: resourceAwsSecurityGroupDelete,
|
||||||
|
|
||||||
Schema: map[string]*schema.Schema{
|
Schema: map[string]*schema.Schema{
|
||||||
|
@ -130,43 +130,7 @@ func resourceAwsSecurityGroupCreate(d *schema.ResourceData, meta interface{}) er
|
||||||
}
|
}
|
||||||
ingressList := ingressRaw.([]interface{})
|
ingressList := ingressRaw.([]interface{})
|
||||||
if len(ingressList) > 0 {
|
if len(ingressList) > 0 {
|
||||||
ingressRules := make([]ec2.IPPerm, len(ingressList))
|
ingressRules := expandIPPerms(ingressList)
|
||||||
for i, mRaw := range ingressList {
|
|
||||||
var perm ec2.IPPerm
|
|
||||||
m := mRaw.(map[string]interface{})
|
|
||||||
|
|
||||||
perm.FromPort = m["from_port"].(int)
|
|
||||||
perm.ToPort = m["to_port"].(int)
|
|
||||||
perm.Protocol = m["protocol"].(string)
|
|
||||||
|
|
||||||
if raw, ok := m["security_groups"]; ok {
|
|
||||||
list := raw.([]interface{})
|
|
||||||
perm.SourceGroups = make([]ec2.UserSecurityGroup, len(list))
|
|
||||||
for i, v := range list {
|
|
||||||
name := v.(string)
|
|
||||||
ownerId, id := "", name
|
|
||||||
if items := strings.Split(id, "/"); len(items) > 1 {
|
|
||||||
ownerId, id = items[0], items[1]
|
|
||||||
}
|
|
||||||
|
|
||||||
perm.SourceGroups[i] = ec2.UserSecurityGroup{
|
|
||||||
Id: id,
|
|
||||||
OwnerId: ownerId,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if raw, ok := m["cidr_blocks"]; ok {
|
|
||||||
list := raw.([]interface{})
|
|
||||||
perm.SourceIPs = make([]string, len(list))
|
|
||||||
for i, v := range list {
|
|
||||||
perm.SourceIPs[i] = v.(string)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
ingressRules[i] = perm
|
|
||||||
}
|
|
||||||
|
|
||||||
_, err = ec2conn.AuthorizeSecurityGroup(group, ingressRules)
|
_, err = ec2conn.AuthorizeSecurityGroup(group, ingressRules)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Error authorizing security group ingress rules: %s", err)
|
return fmt.Errorf("Error authorizing security group ingress rules: %s", err)
|
||||||
|
@ -176,6 +140,10 @@ func resourceAwsSecurityGroupCreate(d *schema.ResourceData, meta interface{}) er
|
||||||
return resourceAwsSecurityGroupRead(d, meta)
|
return resourceAwsSecurityGroupRead(d, meta)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func resourceAwsSecurityGroupUpdate(d *schema.ResourceData, meta interface{}) error {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func resourceAwsSecurityGroupDelete(d *schema.ResourceData, meta interface{}) error {
|
func resourceAwsSecurityGroupDelete(d *schema.ResourceData, meta interface{}) error {
|
||||||
p := meta.(*ResourceProvider)
|
p := meta.(*ResourceProvider)
|
||||||
ec2conn := p.ec2conn
|
ec2conn := p.ec2conn
|
||||||
|
|
|
@ -41,69 +41,45 @@ func expandListeners(configured []interface{}) ([]elb.Listener, error) {
|
||||||
|
|
||||||
// Takes the result of flatmap.Expand for an array of ingress/egress
|
// Takes the result of flatmap.Expand for an array of ingress/egress
|
||||||
// security group rules and returns EC2 API compatible objects
|
// security group rules and returns EC2 API compatible objects
|
||||||
func expandIPPerms(configured []interface{}) ([]ec2.IPPerm, error) {
|
func expandIPPerms(configured []interface{}) []ec2.IPPerm {
|
||||||
perms := make([]ec2.IPPerm, 0, len(configured))
|
perms := make([]ec2.IPPerm, len(configured))
|
||||||
|
for i, mRaw := range configured {
|
||||||
|
var perm ec2.IPPerm
|
||||||
|
m := mRaw.(map[string]interface{})
|
||||||
|
|
||||||
// Loop over our configured permissions and create
|
perm.FromPort = m["from_port"].(int)
|
||||||
// an array of goamz/ec2 compatabile objects
|
perm.ToPort = m["to_port"].(int)
|
||||||
for _, perm := range configured {
|
perm.Protocol = m["protocol"].(string)
|
||||||
// Our permission object
|
|
||||||
newP := perm.(map[string]interface{})
|
|
||||||
|
|
||||||
// Our new returned goamz compatible permission
|
if raw, ok := m["security_groups"]; ok {
|
||||||
p := ec2.IPPerm{}
|
list := raw.([]interface{})
|
||||||
|
perm.SourceGroups = make([]ec2.UserSecurityGroup, len(list))
|
||||||
// Ports
|
for i, v := range list {
|
||||||
if attr, ok := newP["from_port"].(string); ok {
|
name := v.(string)
|
||||||
fromPort, err := strconv.Atoi(attr)
|
ownerId, id := "", name
|
||||||
if err != nil {
|
if items := strings.Split(id, "/"); len(items) > 1 {
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
p.FromPort = fromPort
|
|
||||||
}
|
|
||||||
|
|
||||||
if attr, ok := newP["to_port"].(string); ok {
|
|
||||||
toPort, err := strconv.Atoi(attr)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
p.ToPort = toPort
|
|
||||||
}
|
|
||||||
|
|
||||||
if attr, ok := newP["protocol"].(string); ok {
|
|
||||||
p.Protocol = attr
|
|
||||||
}
|
|
||||||
|
|
||||||
// Loop over the array of sg ids and built
|
|
||||||
// compatibile goamz objects
|
|
||||||
if secGroups, ok := newP["security_groups"].([]interface{}); ok {
|
|
||||||
expandedGroups := []ec2.UserSecurityGroup{}
|
|
||||||
gs := expandStringList(secGroups)
|
|
||||||
|
|
||||||
for _, g := range gs {
|
|
||||||
ownerId, id := "", g
|
|
||||||
if items := strings.Split(g, "/"); len(items) > 1 {
|
|
||||||
ownerId, id = items[0], items[1]
|
ownerId, id = items[0], items[1]
|
||||||
}
|
}
|
||||||
newG := ec2.UserSecurityGroup{
|
|
||||||
|
perm.SourceGroups[i] = ec2.UserSecurityGroup{
|
||||||
Id: id,
|
Id: id,
|
||||||
OwnerId: ownerId,
|
OwnerId: ownerId,
|
||||||
}
|
}
|
||||||
expandedGroups = append(expandedGroups, newG)
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
p.SourceGroups = expandedGroups
|
if raw, ok := m["cidr_blocks"]; ok {
|
||||||
|
list := raw.([]interface{})
|
||||||
|
perm.SourceIPs = make([]string, len(list))
|
||||||
|
for i, v := range list {
|
||||||
|
perm.SourceIPs[i] = v.(string)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Expand CIDR blocks
|
perms[i] = perm
|
||||||
if cidrBlocks, ok := newP["cidr_blocks"].([]interface{}); ok {
|
|
||||||
p.SourceIPs = expandStringList(cidrBlocks)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
perms = append(perms, p)
|
return perms
|
||||||
}
|
|
||||||
|
|
||||||
return perms, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Flattens an array of ipPerms into a list of primitives that
|
// Flattens an array of ipPerms into a list of primitives that
|
||||||
|
|
|
@ -33,12 +33,20 @@ func testConf() map[string]string {
|
||||||
}
|
}
|
||||||
|
|
||||||
func Test_expandIPPerms(t *testing.T) {
|
func Test_expandIPPerms(t *testing.T) {
|
||||||
expanded := flatmap.Expand(testConf(), "ingress").([]interface{})
|
expanded := []interface{}{
|
||||||
perms, err := expandIPPerms(expanded)
|
map[string]interface{}{
|
||||||
|
"protocol": "icmp",
|
||||||
if err != nil {
|
"from_port": 1,
|
||||||
t.Fatalf("bad: %#v", err)
|
"to_port": -1,
|
||||||
|
"cidr_blocks": []interface{}{"0.0.0.0/0"},
|
||||||
|
"security_groups": []interface{}{
|
||||||
|
"sg-11111",
|
||||||
|
"foo/sg-22222",
|
||||||
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
perms := expandIPPerms(expanded)
|
||||||
|
|
||||||
expected := ec2.IPPerm{
|
expected := ec2.IPPerm{
|
||||||
Protocol: "icmp",
|
Protocol: "icmp",
|
||||||
FromPort: 1,
|
FromPort: 1,
|
||||||
|
@ -64,55 +72,6 @@ func Test_expandIPPerms(t *testing.T) {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func Test_expandIPPerms_bad(t *testing.T) {
|
|
||||||
badConf := map[string]string{
|
|
||||||
"ingress.#": "1",
|
|
||||||
"ingress.0.from_port": "not number",
|
|
||||||
}
|
|
||||||
|
|
||||||
expanded := flatmap.Expand(badConf, "ingress").([]interface{})
|
|
||||||
perms, err := expandIPPerms(expanded)
|
|
||||||
|
|
||||||
if err == nil {
|
|
||||||
t.Fatalf("should have err: %#v", perms)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func Test_expandIPPerms_NoCidr(t *testing.T) {
|
|
||||||
conf := testConf()
|
|
||||||
delete(conf, "ingress.0.cidr_blocks.#")
|
|
||||||
delete(conf, "ingress.0.cidr_blocks.0")
|
|
||||||
|
|
||||||
expanded := flatmap.Expand(conf, "ingress").([]interface{})
|
|
||||||
perms, err := expandIPPerms(expanded)
|
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("bad: %#v", err)
|
|
||||||
}
|
|
||||||
expected := ec2.IPPerm{
|
|
||||||
Protocol: "icmp",
|
|
||||||
FromPort: 1,
|
|
||||||
ToPort: -1,
|
|
||||||
SourceGroups: []ec2.UserSecurityGroup{
|
|
||||||
ec2.UserSecurityGroup{
|
|
||||||
Id: "sg-11111",
|
|
||||||
},
|
|
||||||
ec2.UserSecurityGroup{
|
|
||||||
OwnerId: "foo",
|
|
||||||
Id: "sg-22222",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
if !reflect.DeepEqual(perms[0], expected) {
|
|
||||||
t.Fatalf(
|
|
||||||
"Got:\n\n%#v\n\nExpected:\n\n%#v\n",
|
|
||||||
perms[0],
|
|
||||||
expected)
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
func Test_flattenIPPerms(t *testing.T) {
|
func Test_flattenIPPerms(t *testing.T) {
|
||||||
cases := []struct {
|
cases := []struct {
|
||||||
Input []ec2.IPPerm
|
Input []ec2.IPPerm
|
||||||
|
|
Loading…
Reference in New Issue