providers/aws: fix security group self ingress rules on EC2-classic
This commit is contained in:
Mitchell Hashimoto
parent
18a83347b5
commit
d823a8cf81
|
|
@ -396,8 +396,8 @@ func resourceAwsSecurityGroupUpdateRules(
|
|||
os := o.(*schema.Set)
|
||||
ns := n.(*schema.Set)
|
||||
|
||||
remove := expandIPPerms(d.Id(), os.Difference(ns).List())
|
||||
add := expandIPPerms(d.Id(), ns.Difference(os).List())
|
||||
remove := expandIPPerms(group, os.Difference(ns).List())
|
||||
add := expandIPPerms(group, ns.Difference(os).List())
|
||||
|
||||
// TODO: We need to handle partial state better in the in-between
|
||||
// in this update.
|
||||
|
|
@ -452,6 +452,11 @@ func resourceAwsSecurityGroupUpdateRules(
|
|||
GroupID: group.GroupID,
|
||||
IPPermissions: add,
|
||||
}
|
||||
if group.VPCID == nil || *group.VPCID == "" {
|
||||
req.GroupID = nil
|
||||
req.GroupName = group.GroupName
|
||||
}
|
||||
|
||||
err = ec2conn.AuthorizeSecurityGroupIngress(req)
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -39,7 +39,10 @@ func expandListeners(configured []interface{}) ([]elb.Listener, error) {
|
|||
|
||||
// Takes the result of flatmap.Expand for an array of ingress/egress
|
||||
// security group rules and returns EC2 API compatible objects
|
||||
func expandIPPerms(id string, configured []interface{}) []ec2.IPPermission {
|
||||
func expandIPPerms(
|
||||
group ec2.SecurityGroup, configured []interface{}) []ec2.IPPermission {
|
||||
vpc := group.VPCID != nil
|
||||
|
||||
perms := make([]ec2.IPPermission, len(configured))
|
||||
for i, mRaw := range configured {
|
||||
var perm ec2.IPPermission
|
||||
|
|
@ -57,7 +60,11 @@ func expandIPPerms(id string, configured []interface{}) []ec2.IPPermission {
|
|||
}
|
||||
}
|
||||
if v, ok := m["self"]; ok && v.(bool) {
|
||||
groups = append(groups, id)
|
||||
if vpc {
|
||||
groups = append(groups, *group.GroupID)
|
||||
} else {
|
||||
groups = append(groups, *group.GroupName)
|
||||
}
|
||||
}
|
||||
|
||||
if len(groups) > 0 {
|
||||
|
|
@ -72,6 +79,11 @@ func expandIPPerms(id string, configured []interface{}) []ec2.IPPermission {
|
|||
GroupID: aws.String(id),
|
||||
UserID: aws.String(ownerId),
|
||||
}
|
||||
if !vpc {
|
||||
perm.UserIDGroupPairs[i].GroupID = nil
|
||||
perm.UserIDGroupPairs[i].GroupName = aws.String(id)
|
||||
perm.UserIDGroupPairs[i].UserID = nil
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -59,7 +59,11 @@ func TestExpandIPPerms(t *testing.T) {
|
|||
"self": true,
|
||||
},
|
||||
}
|
||||
perms := expandIPPerms("foo", expanded)
|
||||
group := ec2.SecurityGroup{
|
||||
GroupID: aws.String("foo"),
|
||||
VPCID: aws.String("bar"),
|
||||
}
|
||||
perms := expandIPPerms(group, expanded)
|
||||
|
||||
expected := []ec2.IPPermission{
|
||||
ec2.IPPermission{
|
||||
|
|
@ -115,6 +119,79 @@ func TestExpandIPPerms(t *testing.T) {
|
|||
|
||||
}
|
||||
|
||||
func TestExpandIPPerms_nonVPC(t *testing.T) {
|
||||
hash := func(v interface{}) int {
|
||||
return hashcode.String(v.(string))
|
||||
}
|
||||
|
||||
expanded := []interface{}{
|
||||
map[string]interface{}{
|
||||
"protocol": "icmp",
|
||||
"from_port": 1,
|
||||
"to_port": -1,
|
||||
"cidr_blocks": []interface{}{"0.0.0.0/0"},
|
||||
"security_groups": schema.NewSet(hash, []interface{}{
|
||||
"sg-11111",
|
||||
"foo/sg-22222",
|
||||
}),
|
||||
},
|
||||
map[string]interface{}{
|
||||
"protocol": "icmp",
|
||||
"from_port": 1,
|
||||
"to_port": -1,
|
||||
"self": true,
|
||||
},
|
||||
}
|
||||
group := ec2.SecurityGroup{
|
||||
GroupName: aws.String("foo"),
|
||||
}
|
||||
perms := expandIPPerms(group, expanded)
|
||||
|
||||
expected := []ec2.IPPermission{
|
||||
ec2.IPPermission{
|
||||
IPProtocol: aws.String("icmp"),
|
||||
FromPort: aws.Integer(1),
|
||||
ToPort: aws.Integer(-1),
|
||||
IPRanges: []ec2.IPRange{ec2.IPRange{aws.String("0.0.0.0/0")}},
|
||||
UserIDGroupPairs: []ec2.UserIDGroupPair{
|
||||
ec2.UserIDGroupPair{
|
||||
GroupName: aws.String("sg-22222"),
|
||||
},
|
||||
ec2.UserIDGroupPair{
|
||||
GroupName: aws.String("sg-22222"),
|
||||
},
|
||||
},
|
||||
},
|
||||
ec2.IPPermission{
|
||||
IPProtocol: aws.String("icmp"),
|
||||
FromPort: aws.Integer(1),
|
||||
ToPort: aws.Integer(-1),
|
||||
UserIDGroupPairs: []ec2.UserIDGroupPair{
|
||||
ec2.UserIDGroupPair{
|
||||
GroupName: aws.String("foo"),
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
exp := expected[0]
|
||||
perm := perms[0]
|
||||
|
||||
if *exp.FromPort != *perm.FromPort {
|
||||
t.Fatalf(
|
||||
"Got:\n\n%#v\n\nExpected:\n\n%#v\n",
|
||||
*perm.FromPort,
|
||||
*exp.FromPort)
|
||||
}
|
||||
|
||||
if *exp.IPRanges[0].CIDRIP != *perm.IPRanges[0].CIDRIP {
|
||||
t.Fatalf(
|
||||
"Got:\n\n%#v\n\nExpected:\n\n%#v\n",
|
||||
*perm.IPRanges[0].CIDRIP,
|
||||
*exp.IPRanges[0].CIDRIP)
|
||||
}
|
||||
}
|
||||
|
||||
func TestExpandListeners(t *testing.T) {
|
||||
expanded := []interface{}{
|
||||
map[string]interface{}{
|
||||
|
|
|
|||
Loading…
Reference in New Issue