aws_network_acl: return error if protocol is invalid
parent
4b154b8fe7
commit
aad594aed3
|
@ -2,12 +2,18 @@ package aws
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"github.com/mitchellh/goamz/ec2"
|
"github.com/mitchellh/goamz/ec2"
|
||||||
|
"fmt"
|
||||||
)
|
)
|
||||||
|
|
||||||
func expandNetworkAclEntries(configured []interface{}, entryType string) []ec2.NetworkAclEntry {
|
func expandNetworkAclEntries(configured []interface{}, entryType string) ([]ec2.NetworkAclEntry, error) {
|
||||||
entries := make([]ec2.NetworkAclEntry, 0, len(configured))
|
entries := make([]ec2.NetworkAclEntry, 0, len(configured))
|
||||||
for _, eRaw := range configured {
|
for _, eRaw := range configured {
|
||||||
data := eRaw.(map[string]interface{})
|
data := eRaw.(map[string]interface{})
|
||||||
|
protocol := data["protocol"].(string)
|
||||||
|
_, ok := protocolIntegers()[protocol]
|
||||||
|
if(!ok){
|
||||||
|
return nil, fmt.Errorf("Invalid Protocol %s for rule %#v", protocol, data)
|
||||||
|
}
|
||||||
p := extractProtocolInteger(data["protocol"].(string))
|
p := extractProtocolInteger(data["protocol"].(string))
|
||||||
e := ec2.NetworkAclEntry{
|
e := ec2.NetworkAclEntry{
|
||||||
Protocol: p,
|
Protocol: p,
|
||||||
|
@ -23,7 +29,7 @@ func expandNetworkAclEntries(configured []interface{}, entryType string) []ec2.N
|
||||||
entries = append(entries, e)
|
entries = append(entries, e)
|
||||||
}
|
}
|
||||||
|
|
||||||
return entries
|
return entries, nil
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -63,6 +69,7 @@ func protocolIntegers() map[string]int {
|
||||||
"udp": 17,
|
"udp": 17,
|
||||||
"tcp": 6,
|
"tcp": 6,
|
||||||
"icmp": 1,
|
"icmp": 1,
|
||||||
|
"all": -1,
|
||||||
}
|
}
|
||||||
return protocolIntegers
|
return protocolIntegers
|
||||||
}
|
}
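Review bot: The new validation in expandNetworkAclEntries reads the protocol with an unchecked assertion, `protocol := data["protocol"].(string)`, so a rule whose protocol is missing or not a string panics instead of reaching the new error return. Unless the schema already guarantees a string here, the comma-ok form `protocol, ok := data["protocol"].(string)` lets that case return the same error. The lookup result is discarded and `extractProtocolInteger(data["protocol"].(string))` repeats the work on the next line. That helper's body is not shown, but if it only indexes protocolIntegers(), then `p, ok := protocolIntegers()[protocol]` keeps validation and conversion on one path. Minor: `if(!ok){` is not gofmt-formatted, and `%q` would make an empty protocol visible in the message where `%s` does not.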
|
||||||
|
|
|
@ -26,7 +26,7 @@ func Test_expandNetworkAclEntry(t *testing.T) {
|
||||||
"rule_no": 2,
|
"rule_no": 2,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
expanded := expandNetworkAclEntries(input, "egress")
|
expanded, _ := expandNetworkAclEntries(input, "egress")
|
||||||
|
|
||||||
expected := []ec2.NetworkAclEntry{
|
expected := []ec2.NetworkAclEntry{
|
||||||
ec2.NetworkAclEntry{
|
ec2.NetworkAclEntry{
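Review bot: The test discards the new error with `expanded, _ := expandNetworkAclEntries(input, "egress")`, so the behaviour this commit adds is never exercised and an unexpected error would only show up as a confusing mismatch against `expected`. Capture it with `expanded, err := expandNetworkAclEntries(input, "egress")` and fail on `err != nil`. Then add a case whose rule uses an unsupported protocol string and assert a non-nil error with nil entries. Test_expandNetworkAclEntry starts and ends outside the hunk.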
|
||||||
|
|
|
@ -211,8 +211,11 @@ func updateNetworkAclEntries(d *schema.ResourceData, entryType string, ec2conn *
|
||||||
|
|
||||||
os := o.(*schema.Set)
|
os := o.(*schema.Set)
|
||||||
ns := n.(*schema.Set)
|
ns := n.(*schema.Set)
|
||||||
toBeDeleted := expandNetworkAclEntries(os.Difference(ns).List(), entryType)
|
|
||||||
toBeCreated := expandNetworkAclEntries(ns.Difference(os).List(), entryType)
|
toBeDeleted, err := expandNetworkAclEntries(os.Difference(ns).List(), entryType)
|
||||||
|
if(err != nil){
|
||||||
|
return err
|
||||||
|
}
|
||||||
for _, remove := range toBeDeleted {
|
for _, remove := range toBeDeleted {
|
||||||
// Delete old Acl
|
// Delete old Acl
|
||||||
_, err := ec2conn.DeleteNetworkAclEntry(d.Id(), remove.RuleNumber, remove.Egress)
|
_, err := ec2conn.DeleteNetworkAclEntry(d.Id(), remove.RuleNumber, remove.Egress)
|
||||||
|
@ -221,6 +224,10 @@ func updateNetworkAclEntries(d *schema.ResourceData, entryType string, ec2conn *
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
toBeCreated, err := expandNetworkAclEntries(ns.Difference(os).List(), entryType)
|
||||||
|
if(err != nil){
|
||||||
|
return err
|
||||||
|
}
|
||||||
for _, add := range toBeCreated {
|
for _, add := range toBeCreated {
|
||||||
// Add new Acl entry
|
// Add new Acl entry
|
||||||
_, err := ec2conn.CreateNetworkAclEntry(d.Id(), &add)
|
_, err := ec2conn.CreateNetworkAclEntry(d.Id(), &add)
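Review bot: Validation of the entries to create now runs only after the delete loop, because `toBeCreated, err := expandNetworkAclEntries(ns.Difference(os).List(), entryType)` sits in the second hunk, below the `DeleteNetworkAclEntry` calls. The removed lines expanded both sets before any API call. An invalid protocol in a new rule therefore returns the error after the old entries are already gone, leaving the ACL half-updated; for a network ACL that can mean deny rules are removed while their replacements are never created. Expand and check both `toBeDeleted` and `toBeCreated` before the first delete so a bad configuration is rejected without touching the existing ACL. updateNetworkAclEntries starts and ends outside the hunks.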
|
||||||
|
|