Commit Graph

39 Commits

Author SHA1 Message Date
Clint 053ba9005d provider/aws: Remove Network ACL from state if not found 2016-04-05 11:11:16 -05:00
Clint be385b83f8 provider/aws: Fix issue with retrying deletion of Network ACLs
Fix retry after removing associations by correctly checking and returning an

error. This should patch the VPC/Resource leak in our nightly acceptance tests.
2016-04-05 10:18:03 -05:00
Paul Hinze 108ccf0007 builtin: Refactor resource.Retry to clarify return
Change the `RetryFunc` from a plain `error` return type to a
specialized `RetryError` which must decide whether it is
retryable or not.

Add `RetryableError` / `NonRetryableError` factory functions that
callers are meant to use to build up these errors.

This makes it eminently clear whether or not a given error is
retryable from inside the client code.

Goal here is to _not_ change any behavior, simply reflect the
existing behavior with the new, clearer, API.
2016-03-09 17:37:56 -06:00
Paul Hinze 7f62a49ebd provider/aws: fixes for Network ACL Rules
* Fixup Exists and CheckDestroy assertions
 * Make ingress/egress computed on network_acl, otherwise you could
   never use network_acl_rule with a managed network_acl without a
   perpetual diff.
2015-12-22 09:58:22 -06:00
stack72 2df8d7d9b0 Initial Scaffolding of the AWS Network ACL Entry resource 2015-12-18 23:14:54 +00:00
Clint Shryock 0c2f189d08 provider/aws: Update to aws-sdk 0.9.0 rc1 2015-08-17 13:27:16 -05:00
Paul Hinze b71fa3d0ae provider/aws: handle upstream aws-sdk-go repo move
`awslabs/aws-sdk-go => aws/aws-sdk-go`

Congrats to upstream on the promotion. :)
2015-06-03 13:36:57 -05:00
Clint Shryock 339f2bd21f provider/aws: Add support for ICMP Protocol in Network ACLs
- added icmp_type attribute
- added icmp_code attribute
- fixed an issue hiding the error
2015-05-29 16:48:50 -05:00
Paul Hinze 31258e06c6 provider/aws: fix breakages from awserr refactor
This landed in aws-sdk-go yesterday, breaking the AWS provider in many places:

3c259c9586

Here, with much sedding, grepping, and manual massaging, we attempt to
catch Terraform up to the new `awserr.Error` interface world.
2015-05-20 06:21:23 -05:00
Clint Shryock af09f257c8 fix regression in networkacl with conflicts with 2015-05-15 14:38:06 -05:00
Clint Shryock 0021906bda fix minor regression with subnet_id 2015-05-15 10:58:59 -05:00
Clint Shryock 5113761f41 Merge branch 'f-aws-network-subnet-ids'
* f-aws-network-subnet-ids:
  document Network ACL Subnet IDs attribute
  provider/aws: Add tests for Network ACL subnets
  upgrade to use typeset for subnet_ids
  network acl cleanups
  provider/aws: Support multiple subnets in Network ACL
2015-05-15 09:58:57 -05:00
Clint Shryock 468de49265 upgrade to use typeset for subnet_ids 2015-05-14 17:09:50 -05:00
Clint Shryock 898fa91595 network acl cleanups 2015-05-12 22:23:55 -05:00
Clint Shryock f7b6b6b2b5 Strip 'sdk' suffix from methods; it's a remnant 2015-05-12 14:58:10 -05:00
Clint Shryock 0dda704cbf provider/aws: Support multiple subnets in Network ACL 2015-05-12 13:50:28 -05:00
Christopher Tiwald 5b0d61727e aws: Only store protocol numbers for ingress/egress rules on ACLs.
Users can input a limited number of protocol names (e.g. "tcp") as
inputs to network ACL rules, but the API only supports valid protocol
number:

http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

Preserve the convenience of protocol names and simultaneously support
numbers by only writing numbers to the state file. Also use numbers
when hashing the rules, to keep everything consistent.
2015-05-06 23:54:12 -04:00
Christopher Tiwald 8056b5f8f7 aws: Force users to use valid network masks on ACL ingress/egress
AWS will accept any overly-specific IP/mask combination, such as
10.1.2.2/24, but will store it by its implied network: 10.1.2.0/24.
This results in hashing errors, because the remote API will return
hashing results out of sync with the local configuration file.

Enforce a stricter API rule than AWS. Force users to use valid masks,
and run a quick calculation on their input to discover their intent.
2015-05-06 23:53:34 -04:00
Christopher Tiwald b888b31e08 aws: Force users to use from_port, to_port = 0 on network ACLs with -1 protocol
AWS doesn't store ports for -1 protocol rules, thus the read from the
API will always come up with a different hash. Force the user to make a
deliberate port choice when enabling -1 protocol rules. All from_port
and to_port's on these rules must be 0.
2015-05-06 23:51:23 -04:00
Christopher Tiwald d14049c8ad aws: Don't try to modify or delete the untouchable network_acl rules.
AWS includes default rules with all network ACL resources which cannot
be modified by the user. Don't attempt to store them locally or change
them remotely if they are already stored -- it'll consistently result
in hashing problems.
2015-05-06 23:03:25 -04:00
Christopher Tiwald 03ee059da3 aws: Write ingress/egress rules into a map so they can be set.
resourceAwsNetworkAclRead swallowed these errors resulting in rules
that never properly updated. Implement an entry-to-maplist function
that'll allow us to write something that Set knows how to read.
2015-05-06 23:03:24 -04:00
Clint Shryock cd90648d4e provider/aws: Fix acceptance issue with Network Acls 2015-05-06 11:44:09 -05:00
Paul Hinze 6401635b97 providers/aws: network_acl, remove blank filter
The upstream behavior here changed, and the request needs a `nil`
instead of an empty slice to indicate that we _don't_ want to filter on
Network ACL IDs.

fixes #1634
2015-04-22 14:44:31 -05:00
Mitchell Hashimoto f77f77f9f8 provider/aws: fix potential panic when finding network ACL 2015-04-22 12:39:01 +02:00
Clint Shryock ba43b7c963 mass search-replace of ec2SDKconn 2015-04-16 15:05:55 -05:00
Clint Shryock 5394d91657 provider/aws: Convert Network ACL and helper library to upstream aws-sdk-go 2015-04-13 11:14:21 -05:00
Clint Shryock 28fbd971fc Retire goamz 2015-03-13 09:42:50 -05:00
Clint Shryock 57556bba75 Replace tags files with tags_sdk, rename, and update 2015-03-12 16:43:08 -05:00
Clint Shryock bd591877fe provider/aws: Convert AWS Network ACL to aws-sdk-go 2015-03-11 15:01:07 -05:00
Radek Simko e149a97658 Make composite literals to use keyed fields
This will prevent following error:
 - * composite literal uses unkeyed fields
2015-02-18 18:26:59 +00:00
Emil Hessman 4f3f85b165 builtin/providers/aws: vet fix
Fixes the following vet reports:

builtin/providers/aws/resource_aws_network_acl.go:191: wrong number of args for format in Errorf call: 2 needed but 3 args
builtin/providers/aws/resource_aws_network_acl.go:264: wrong number of args for format in Errorf call: 1 needed but 2 args
builtin/providers/aws/resource_aws_network_acl.go:268: wrong number of args for format in Errorf call: 1 needed but 2 args
builtin/providers/aws/resource_aws_network_acl.go:286: arg m[to_port].(int) for printf verb %s of wrong type: int
builtin/providers/aws/resource_aws_network_acl_test.go:277: arg r.NetworkAcls for printf verb %s of wrong type: []github.com/mitchellh/goamz/ec2.NetworkAcl
builtin/providers/aws/resource_aws_subnet_test.go:21: arg v.MapPublicIpOnLaunch for printf verb %s of wrong type: bool
2014-12-17 12:37:46 +01:00
Armon Dadgar 633a08230e Merge pull request #638 from snehaso/tag_for_acl
[AWS] added tags for aws_network_acl
2014-12-10 12:59:22 -08:00
Sneha Somwanshi 5e3e8562fc added tags for aws_network_acl 2014-12-10 16:29:00 +05:30
Sneha Somwanshi aad594aed3 aws_network_acl: return error if protocol is invalid 2014-12-08 16:53:05 +05:30
Sneha Somwanshi 4b154b8fe7 Fixed update of ingress/egress rules 2014-12-08 11:00:55 +05:30
Sneha Somwanshi c79e6ba08b handled subnet and network acl association 2014-12-03 16:37:50 +05:30
Sneha Somwanshi cd0f9761da rearranged the tests 2014-12-01 14:19:39 +05:30
Sneha Somwanshi 5eec8a531c Added CRUD operations for network acl 2014-11-30 17:10:54 +05:30
Sneha Somwanshi bd9e9ec0c4 Add support for network acls 2014-11-26 19:14:02 +05:30