providers/aws: fix assertion of non-required cidr blocks in sec groups

fixes #65, #86
This commit is contained in:
Jack Pearkes 2014-07-29 10:02:49 -04:00
parent 44489d2dfe
commit da4ddef136
2 changed files with 80 additions and 17 deletions

View File

@ -47,34 +47,52 @@ func expandIPPerms(configured []interface{}) ([]ec2.IPPerm, error) {
// Loop over our configured permissions and create // Loop over our configured permissions and create
// an array of goamz/ec2 compatabile objects // an array of goamz/ec2 compatabile objects
for _, perm := range configured { for _, perm := range configured {
// Our permission object
newP := perm.(map[string]interface{}) newP := perm.(map[string]interface{})
// Our new returned goamz compatible permission
p := ec2.IPPerm{}
// Ports
if attr, ok := newP["from_port"].(string); ok {
fromPort, err := strconv.Atoi(attr)
if err != nil {
return nil, err
}
p.FromPort = fromPort
}
if attr, ok := newP["to_port"].(string); ok {
toPort, err := strconv.Atoi(attr)
if err != nil {
return nil, err
}
p.ToPort = toPort
}
if attr, ok := newP["protocol"].(string); ok {
p.Protocol = attr
}
// Loop over the array of sg ids and built // Loop over the array of sg ids and built
// compatibile goamz objects // compatibile goamz objects
expandedGroups := []ec2.UserSecurityGroup{} if secGroups, ok := newP["security_groups"].([]interface{}); ok {
configGroups, ok := newP["security_groups"].([]interface{}) expandedGroups := []ec2.UserSecurityGroup{}
if ok { gs := expandStringList(secGroups)
gs := expandStringList(configGroups)
for _, g := range gs { for _, g := range gs {
newG := ec2.UserSecurityGroup{ newG := ec2.UserSecurityGroup{
Id: g, Id: g,
} }
expandedGroups = append(expandedGroups, newG) expandedGroups = append(expandedGroups, newG)
} }
p.SourceGroups = expandedGroups
} }
fromPort, err := strconv.Atoi(newP["from_port"].(string)) // Expand CIDR blocks
toPort, err := strconv.Atoi(newP["to_port"].(string)) if cidrBlocks, ok := newP["cidr_blocks"].([]interface{}); ok {
if err != nil { p.SourceIPs = expandStringList(cidrBlocks)
return nil, err
}
// Create the permission objet
p := ec2.IPPerm{
Protocol: newP["protocol"].(string),
FromPort: fromPort,
ToPort: toPort,
SourceIPs: expandStringList(newP["cidr_blocks"].([]interface{})),
SourceGroups: expandedGroups,
} }
perms = append(perms, p) perms = append(perms, p)

View File

@ -59,6 +59,51 @@ func Test_expandIPPerms(t *testing.T) {
} }
func Test_expandIPPerms_bad(t *testing.T) {
badConf := map[string]string{
"ingress.#": "1",
"ingress.0.from_port": "not number",
}
expanded := flatmap.Expand(badConf, "ingress").([]interface{})
perms, err := expandIPPerms(expanded)
if err == nil {
t.Fatalf("should have err: %#v", perms)
}
}
func Test_expandIPPerms_NoCidr(t *testing.T) {
conf := testConf()
delete(conf, "ingress.0.cidr_blocks.#")
delete(conf, "ingress.0.cidr_blocks.0")
expanded := flatmap.Expand(conf, "ingress").([]interface{})
perms, err := expandIPPerms(expanded)
if err != nil {
t.Fatalf("bad: %#v", err)
}
expected := ec2.IPPerm{
Protocol: "icmp",
FromPort: 1,
ToPort: -1,
SourceGroups: []ec2.UserSecurityGroup{
ec2.UserSecurityGroup{
Id: "sg-11111",
},
},
}
if !reflect.DeepEqual(perms[0], expected) {
t.Fatalf(
"Got:\n\n%#v\n\nExpected:\n\n%#v\n",
perms[0],
expected)
}
}
func Test_flattenIPPerms(t *testing.T) { func Test_flattenIPPerms(t *testing.T) {
cases := []struct { cases := []struct {
Input []ec2.IPPerm Input []ec2.IPPerm