From f6b77a6c02682f082499d2e7de787a9305cbe669 Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto
Date: Fri, 13 May 2016 13:01:05 -0700
Subject: [PATCH] providers/aws: import network ACLs
---
 .../providers/aws/import_aws_network_acl.go | 95 +++++++++++++++++++
 .../aws/import_aws_network_acl_test.go | 37 ++++++++
 .../providers/aws/resource_aws_network_acl.go | 3 +
 3 files changed, 135 insertions(+)
 create mode 100644 builtin/providers/aws/import_aws_network_acl.go
 create mode 100644 builtin/providers/aws/import_aws_network_acl_test.go
diff --git a/builtin/providers/aws/import_aws_network_acl.go b/builtin/providers/aws/import_aws_network_acl.go
new file mode 100644
index 000000000..bcc221d0e
--- /dev/null
+++ b/builtin/providers/aws/import_aws_network_acl.go
@@ -0,0 +1,95 @@
+package aws
+
+import (
+ "fmt"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/service/ec2"
+ "github.com/hashicorp/terraform/helper/schema"
+)
+
+// Network ACLs import their rules and associations
+func resourceAwsNetworkAclImportState(
+ d *schema.ResourceData,
+ meta interface{}) ([]*schema.ResourceData, error) {
+ conn := meta.(*AWSClient).ec2conn
+
+ // First query the resource itself
+ resp, err := conn.DescribeNetworkAcls(&ec2.DescribeNetworkAclsInput{
+ NetworkAclIds: []*string{aws.String(d.Id())},
+ })
+ if err != nil {
+ return nil, err
+ }
+ if resp == nil || len(resp.NetworkAcls) < 1 || resp.NetworkAcls[0] == nil {
+ return nil, fmt.Errorf("network ACL %s is not found", d.Id())
+ }
+ acl := resp.NetworkAcls[0]
+
+ // Start building our results
+ results := make([]*schema.ResourceData, 1,
+ 2+len(acl.Associations)+len(acl.Entries))
+ results[0] = d
+
+ /*
+ {
+ // Construct the entries
+ subResource := resourceAwsNetworkAclRule()
+ for _, entry := range acl.Entries {
+ // Minimal data for route
+ d := subResource.Data(nil)
+ d.SetType("aws_network_acl_rule")
+ d.Set("network_acl_id", acl.NetworkAclId)
+ d.Set("rule_number", entry.RuleNumber)
+ d.Set("egress", entry.Egress)
+ d.Set("protocol", entry.Protocol)
+ d.SetId(networkAclIdRuleNumberEgressHash(
+ d.Get("network_acl_id").(string),
+ d.Get("rule_number").(int),
+ d.Get("egress").(bool),
+ d.Get("protocol").(string)))
+ results = append(results, d)
+ }
+ }
+
+ {
+ // Construct the associations
+ subResource := resourceAwsRouteTableAssociation()
+ for _, assoc := range table.Associations {
+ if *assoc.Main {
+ // Ignore
+ continue
+ }
+
+ // Minimal data for route
+ d := subResource.Data(nil)
+ d.SetType("aws_route_table_association")
+ d.Set("route_table_id", assoc.RouteTableId)
+ d.SetId(*assoc.RouteTableAssociationId)
+ results = append(results, d)
+ }
+ }
+
+ {
+ // Construct the main associations. We could do this above but
+ // I keep this as a separate section since it is a separate resource.
+ subResource := resourceAwsMainRouteTableAssociation()
+ for _, assoc := range table.Associations {
+ if !*assoc.Main {
+ // Ignore
+ continue
+ }
+
+ // Minimal data for route
+ d := subResource.Data(nil)
+ d.SetType("aws_main_route_table_association")
+ d.Set("route_table_id", id)
+ d.Set("vpc_id", table.VpcId)
+ d.SetId(*assoc.RouteTableAssociationId)
+ results = append(results, d)
+ }
+ }
+ */
+
+ return results, nil
+}
diff --git a/builtin/providers/aws/import_aws_network_acl_test.go b/builtin/providers/aws/import_aws_network_acl_test.go
new file mode 100644
index 000000000..407d3e45e
--- /dev/null
+++ b/builtin/providers/aws/import_aws_network_acl_test.go
@@ -0,0 +1,37 @@
+package aws
+
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccAWSNetworkAcl_importBasic(t *testing.T) {
+ /*
+ checkFn := func(s []*terraform.InstanceState) error {
+ // Expect 2: acl, 2 rules
+ if len(s) != 3 {
+ return fmt.Errorf("bad states: %#v", s)
+ }
+
+ return nil
+ }
+ */
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSNetworkAclDestroy,
+ Steps: []resource.TestStep{
+ resource.TestStep{
+ Config: testAccAWSNetworkAclEgressNIngressConfig,
+ },
+
+ resource.TestStep{
+ ResourceName: "aws_network_acl.bar",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
diff --git a/builtin/providers/aws/resource_aws_network_acl.go b/builtin/providers/aws/resource_aws_network_acl.go
index e946bb932..b0a3340fc 100644
--- a/builtin/providers/aws/resource_aws_network_acl.go
+++ b/builtin/providers/aws/resource_aws_network_acl.go
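Review bot: The doc comment on `resourceAwsNetworkAclImportState` in import_aws_network_acl.go says rules and associations are imported, but the only element ever placed in `results` is `d`, because both construction loops sit inside the `/* … */` block. For a network ACL that gap matters: a reader trusting the comment would assume every entry is tracked in state after import, while whether the rules are captured at all depends on the Read function, which is outside this hunk. The commented-out block also still refers to `table.Associations`, `id` and the route-table association resources, none of which are defined in this function, so it could not be re-enabled as written. I would reword the comment to `// resourceAwsNetworkAclImportState imports the ACL itself; its rules and subnet associations are not returned as separate resources yet.`, delete the dead block, and shrink the `make` capacity to match.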
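Review bot: `TestAccAWSNetworkAcl_importBasic` in import_aws_network_acl_test.go never asserts how many resources the import returns, since `checkFn` is commented out and the import step sets only `ImportState` and `ImportStateVerify`. The leftover comment also disagrees with itself (`// Expect 2: acl, 2 rules` next to `len(s) != 3`). Either drop the dead block or enable it with the count the importer currently produces, e.g. `if len(s) != 1 {` wired in through `ImportStateCheck: checkFn,`, so that a later change to which rules get imported shows up as a test failure; enabling it would need the `fmt` and `terraform` imports, which this file does not have.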
@@ -23,6 +23,9 @@ func resourceAwsNetworkAcl() *schema.Resource { Read: resourceAwsNetworkAclRead, Delete: resourceAwsNetworkAclDelete, Update: resourceAwsNetworkAclUpdate, + Importer: &schema.ResourceImporter{ + State: resourceAwsNetworkAclImportState, + }, Schema: map[string]*schema.Schema{ "vpc_id": &schema.Schema{