aws_network_acl: return error if protocol is invalid

This commit is contained in:
Sneha Somwanshi 2014-12-08 16:18:39 +05:30
parent 4b154b8fe7
commit aad594aed3
3 changed files with 19 additions and 5 deletions

View File

@ -2,12 +2,18 @@ package aws
import ( import (
"github.com/mitchellh/goamz/ec2" "github.com/mitchellh/goamz/ec2"
"fmt"
) )
func expandNetworkAclEntries(configured []interface{}, entryType string) []ec2.NetworkAclEntry { func expandNetworkAclEntries(configured []interface{}, entryType string) ([]ec2.NetworkAclEntry, error) {
entries := make([]ec2.NetworkAclEntry, 0, len(configured)) entries := make([]ec2.NetworkAclEntry, 0, len(configured))
for _, eRaw := range configured { for _, eRaw := range configured {
data := eRaw.(map[string]interface{}) data := eRaw.(map[string]interface{})
protocol := data["protocol"].(string)
_, ok := protocolIntegers()[protocol]
if(!ok){
return nil, fmt.Errorf("Invalid Protocol %s for rule %#v", protocol, data)
}
p := extractProtocolInteger(data["protocol"].(string)) p := extractProtocolInteger(data["protocol"].(string))
e := ec2.NetworkAclEntry{ e := ec2.NetworkAclEntry{
Protocol: p, Protocol: p,
@ -23,7 +29,7 @@ func expandNetworkAclEntries(configured []interface{}, entryType string) []ec2.N
entries = append(entries, e) entries = append(entries, e)
} }
return entries return entries, nil
} }
@ -63,6 +69,7 @@ func protocolIntegers() map[string]int {
"udp": 17, "udp": 17,
"tcp": 6, "tcp": 6,
"icmp": 1, "icmp": 1,
"all": -1,
} }
return protocolIntegers return protocolIntegers
} }

View File

@ -26,7 +26,7 @@ func Test_expandNetworkAclEntry(t *testing.T) {
"rule_no": 2, "rule_no": 2,
}, },
} }
expanded := expandNetworkAclEntries(input, "egress") expanded, _ := expandNetworkAclEntries(input, "egress")
expected := []ec2.NetworkAclEntry{ expected := []ec2.NetworkAclEntry{
ec2.NetworkAclEntry{ ec2.NetworkAclEntry{

View File

@ -211,8 +211,11 @@ func updateNetworkAclEntries(d *schema.ResourceData, entryType string, ec2conn *
os := o.(*schema.Set) os := o.(*schema.Set)
ns := n.(*schema.Set) ns := n.(*schema.Set)
toBeDeleted := expandNetworkAclEntries(os.Difference(ns).List(), entryType)
toBeCreated := expandNetworkAclEntries(ns.Difference(os).List(), entryType) toBeDeleted, err := expandNetworkAclEntries(os.Difference(ns).List(), entryType)
if(err != nil){
return err
}
for _, remove := range toBeDeleted { for _, remove := range toBeDeleted {
// Delete old Acl // Delete old Acl
_, err := ec2conn.DeleteNetworkAclEntry(d.Id(), remove.RuleNumber, remove.Egress) _, err := ec2conn.DeleteNetworkAclEntry(d.Id(), remove.RuleNumber, remove.Egress)
@ -221,6 +224,10 @@ func updateNetworkAclEntries(d *schema.ResourceData, entryType string, ec2conn *
} }
} }
toBeCreated, err := expandNetworkAclEntries(ns.Difference(os).List(), entryType)
if(err != nil){
return err
}
for _, add := range toBeCreated { for _, add := range toBeCreated {
// Add new Acl entry // Add new Acl entry
_, err := ec2conn.CreateNetworkAclEntry(d.Id(), &add) _, err := ec2conn.CreateNetworkAclEntry(d.Id(), &add)