aws: Don't try to modify or delete the untouchable network_acl rules.

AWS includes default rules with all network ACL resources which cannot be modified by the user. Don't attempt to store them locally or change them remotely if they are already stored -- it'll consistently result in hashing problems.
2015-05-06 09:10:44 -04:00 · 2015-05-06 09:10:44 -04:00 · d14049c8ad
parent 03ee059da3
commit d14049c8ad
1 changed files with 15 additions and 0 deletions
--- a/builtin/providers/aws/resource_aws_network_acl.go
+++ b/builtin/providers/aws/resource_aws_network_acl.go
@ -151,6 +151,12 @@ func resourceAwsNetworkAclRead(d *schema.ResourceData, meta interface{}) error {

 	// separate the ingress and egress rules
 	for _, e := range networkAcl.Entries {
+		// Skip the default rules added by AWS. They can be neither
+		// configured or deleted by users.
+		if *e.RuleNumber == 32767 {
+			continue
+		}
+
 		if *e.Egress == true {
 			egressEntries = append(egressEntries, e)
 		} else {
@ -235,6 +241,15 @@ func updateNetworkAclEntries(d *schema.ResourceData, entryType string, conn *ec2
 		return err
 	}
 	for _, remove := range toBeDeleted {
+
+		// AWS includes default rules with all network ACLs that can be
+		// neither modified nor destroyed. They have a custom rule
+		// number that is out of bounds for any other rule. If we
+		// encounter it, just continue. There's no work to be done.
+		if *remove.RuleNumber == 32767 {
+			continue
+		}
+
 		// Delete old Acl
 		_, err := conn.DeleteNetworkACLEntry(&ec2.DeleteNetworkACLEntryInput{
 			NetworkACLID: aws.String(d.Id()),