fix security group rules bug (#15114)
parent
aac988da93
commit
cfc15e030b
|
@ -42,7 +42,7 @@ func resourceAliyunInstance() *schema.Resource {
|
|||
"security_groups": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Elem: &schema.Schema{Type: schema.TypeString},
|
||||
Optional: true,
|
||||
Required: true,
|
||||
},
|
||||
|
||||
"allocate_public_ip": &schema.Schema{
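Review bot: `Required: true` on the `security_groups` set only forces the argument to be present, so as far as I can tell an explicitly empty `security_groups = []` would still validate; adding `MinItems: 1` beside it would guarantee that an instance is created with at least one group. I am reading `Required: true` as the new side because the documentation change further down the page moves the argument from Optional to Required. It is also a breaking change for existing configurations that omitted the argument, which deserves a line in the changelog or upgrade notes. The body of resourceAliyunInstance starts and ends outside the hunk.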
|
||||
|
|
|
@ -69,12 +69,14 @@ func resourceAliyunSecurityGroupRule() *schema.Resource {
|
|||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
ForceNew: true,
|
||||
ConflictsWith: []string{"source_security_group_id"},
|
||||
},
|
||||
|
||||
"source_security_group_id": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
ForceNew: true,
|
||||
ConflictsWith: []string{"cidr_ip"},
|
||||
},
|
||||
|
||||
"source_group_owner_account": &schema.Schema{
|
||||
|
@ -248,21 +250,12 @@ func buildAliyunSecurityIngressArgs(d *schema.ResourceData, meta interface{}) (*
|
|||
args.Priority = v
|
||||
}
|
||||
|
||||
if v := d.Get("nic_type").(string); v != "" {
|
||||
args.NicType = ecs.NicType(v)
|
||||
if v := d.Get("cidr_ip").(string); v != "" {
|
||||
args.SourceCidrIp = v
|
||||
}
|
||||
|
||||
cidrIp := d.Get("cidr_ip").(string)
|
||||
sourceGroupId := d.Get("source_security_group_id").(string)
|
||||
if err := checkCidrAndSourceGroupId(cidrIp, sourceGroupId); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if cidrIp != "" {
|
||||
args.SourceCidrIp = cidrIp
|
||||
}
|
||||
|
||||
if sourceGroupId != "" {
|
||||
args.SourceGroupId = sourceGroupId
|
||||
if v := d.Get("source_security_group_id").(string); v != "" {
|
||||
args.SourceGroupId = v
|
||||
}
|
||||
|
||||
if v := d.Get("source_group_owner_account").(string); v != "" {
|
||||
|
@ -276,11 +269,21 @@ func buildAliyunSecurityIngressArgs(d *schema.ResourceData, meta interface{}) (*
|
|||
RegionId: getRegion(d, meta),
|
||||
}
|
||||
|
||||
_, err := conn.DescribeSecurityGroupAttribute(sgArgs)
|
||||
group, err := conn.DescribeSecurityGroupAttribute(sgArgs)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Error get security group %s error: %#v", sgId, err)
|
||||
}
|
||||
|
||||
if v := d.Get("nic_type").(string); v != "" {
|
||||
if (group != nil && group.VpcId != "") || args.SourceGroupId != "" {
|
||||
if GroupRuleNicType(v) != GroupRuleIntranet {
|
||||
return nil, fmt.Errorf("When security group in the vpc or authorizing permission for source security group, " +
|
||||
"the nic_type must be 'intranet'.")
|
||||
}
|
||||
}
|
||||
args.NicType = ecs.NicType(v)
|
||||
}
|
||||
|
||||
args.SecurityGroupId = sgId
|
||||
|
||||
return args, nil
|
||||
|
@ -309,21 +312,12 @@ func buildAliyunSecurityEgressArgs(d *schema.ResourceData, meta interface{}) (*e
|
|||
args.Priority = v
|
||||
}
|
||||
|
||||
if v := d.Get("nic_type").(string); v != "" {
|
||||
args.NicType = ecs.NicType(v)
|
||||
if v := d.Get("cidr_ip").(string); v != "" {
|
||||
args.DestCidrIp = v
|
||||
}
|
||||
|
||||
cidrIp := d.Get("cidr_ip").(string)
|
||||
sourceGroupId := d.Get("source_security_group_id").(string)
|
||||
if err := checkCidrAndSourceGroupId(cidrIp, sourceGroupId); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if cidrIp != "" {
|
||||
args.DestCidrIp = cidrIp
|
||||
}
|
||||
|
||||
if sourceGroupId != "" {
|
||||
args.DestGroupId = sourceGroupId
|
||||
if v := d.Get("source_security_group_id").(string); v != "" {
|
||||
args.DestGroupId = v
|
||||
}
|
||||
|
||||
if v := d.Get("source_group_owner_account").(string); v != "" {
|
||||
|
@ -337,11 +331,21 @@ func buildAliyunSecurityEgressArgs(d *schema.ResourceData, meta interface{}) (*e
|
|||
RegionId: getRegion(d, meta),
|
||||
}
|
||||
|
||||
_, err := conn.DescribeSecurityGroupAttribute(sgArgs)
|
||||
group, err := conn.DescribeSecurityGroupAttribute(sgArgs)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Error get security group %s error: %#v", sgId, err)
|
||||
}
|
||||
|
||||
if v := d.Get("nic_type").(string); v != "" {
|
||||
if (group != nil && group.VpcId != "") || args.DestGroupId != "" {
|
||||
if GroupRuleNicType(v) != GroupRuleIntranet {
|
||||
return nil, fmt.Errorf("When security group in the vpc or authorizing permission for destination security group, " +
|
||||
"the nic_type must be 'intranet'.")
|
||||
}
|
||||
}
|
||||
args.NicType = ecs.NicType(v)
|
||||
}
|
||||
|
||||
args.SecurityGroupId = sgId
|
||||
|
||||
return args, nil
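Review bot: With the `checkCidrAndSourceGroupId` call dropped from buildAliyunSecurityIngressArgs (and from buildAliyunSecurityEgressArgs in the matching hunk), nothing visible rejects a rule that sets neither `cidr_ip` nor `source_security_group_id`, because the new `ConflictsWith` entries only cover the case where both are given. The helper's body is not on this page, so it may not have checked that case either, but a rule with no peer restriction is better failed at plan time than left to the API default; a guard such as `if args.SourceCidrIp == "" && args.SourceGroupId == "" { return nil, fmt.Errorf("one of cidr_ip or source_security_group_id must be set") }` would do it, with `DestCidrIp`/`DestGroupId` on the egress side. The new `nic_type` check in both functions likewise runs only when `nic_type` is non-empty, so an unset value for a VPC group goes through unvalidated unless the schema supplies a default, which is not visible here. Both functions start and end outside the hunks shown.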
|
||||
|
|
|
@ -57,7 +57,7 @@ The following arguments are supported:
|
|||
* `image_id` - (Required) The Image to use for the instance. ECS instance's image can be replaced via changing 'image_id'.
|
||||
* `instance_type` - (Required) The type of instance to start.
|
||||
* `io_optimized` - (Required) Valid values are `none`, `optimized`, If `optimized`, the launched ECS instance will be I/O optimized.
|
||||
* `security_groups` - (Optional) A list of security group ids to associate with.
|
||||
* `security_groups` - (Required) A list of security group ids to associate with.
|
||||
* `availability_zone` - (Optional) The Zone to start the instance in.
|
||||
* `instance_name` - (Optional) The name of the ECS. This instance_name can have a string of 2 to 128 characters, must contain only alphanumeric characters or hyphens, such as "-",".","_", and must not begin or end with a hyphen, and must not begin with http:// or https://. If not specified,
|
||||
Terraform will autogenerate a default name is `ECS-Instance`.
|
||||
|
|