aws: Don't try to modify or delete the untouchable network_acl rules.

AWS includes default rules with all network ACL resources which cannot
be modified by the user. Don't attempt to store them locally or change
them remotely if they are already stored -- it'll consistently result
in hashing problems.
Christopher Tiwald 2015-05-06 09:10:44 -04:00
parent 03ee059da3
commit d14049c8ad
1 changed files with 15 additions and 0 deletions


@ -151,6 +151,12 @@ func resourceAwsNetworkAclRead(d *schema.ResourceData, meta interface{}) error {
// separate the ingress and egress rules
for _, e := range networkAcl.Entries {
// Skip the default rules added by AWS. They can be neither
// configured or deleted by users.
if *e.RuleNumber == 32767 {
continue
}
if *e.Egress == true {
egressEntries = append(egressEntries, e)
} else {
@ -235,6 +241,15 @@ func updateNetworkAclEntries(d *schema.ResourceData, entryType string, conn *ec2
return err
}
for _, remove := range toBeDeleted {
// AWS includes default rules with all network ACLs that can be
// neither modified nor destroyed. They have a custom rule
// number that is out of bounds for any other rule. If we
// encounter it, just continue. There's no work to be done.
if *remove.RuleNumber == 32767 {
continue
}
// Delete old Acl
_, err := conn.DeleteNetworkACLEntry(&ec2.DeleteNetworkACLEntryInput{
NetworkACLID: aws.String(d.Id()),
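Review bot: The reserved rule number 32767 is hard-coded as a bare literal in both new skips (the Read loop and the delete loop), so the two places that must agree on what "AWS-managed default rule" means can drift silently; a single package-level `const awsDefaultAclRuleNumber = 32767 // AWS-managed deny-all rule; cannot be modified or deleted by the user` with both comparisons written as `if *e.RuleNumber == awsDefaultAclRuleNumber {` would document the value once and keep them in sync. Both new comparisons also dereference `RuleNumber` unguarded, so an entry the SDK returns without that field would panic inside the provider rather than surface as an error; `if e.RuleNumber != nil && *e.RuleNumber == awsDefaultAclRuleNumber {` is the safer form, though the existing `*e.Egress` dereference in the same loop suggests unguarded pointers may be an accepted convention in this file. The comment on the first skip should also read "neither configured nor deleted" for the "neither ... nor" pairing. Both enclosing functions, resourceAwsNetworkAclRead and updateNetworkAclEntries, start and end outside the hunks.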