Commit Graph

62 Commits

Author SHA1 Message Date
Paul Stack df11150a6a provider/aws: Revoke default ipv6 egress rule for aws_security_group (#15075)
Fixes: #14522

To follow similar work in IPv4, we are now going to revoke the default
IPv6 egress rule from an empty AWS security group

```
% make testacc TEST=./builtin/providers/aws/ TESTARGS='-run=TestAccAWSSecurityGroup_ipv4andipv6Egress'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/06/05 14:01:52 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws/ -v -run=TestAccAWSSecurityGroup_ipv4andipv6Egress -timeout 120m
=== RUN   TestAccAWSSecurityGroup_ipv4andipv6Egress
--- PASS: TestAccAWSSecurityGroup_ipv4andipv6Egress (63.39s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	63.423s
```
2017-06-06 00:53:04 +03:00
Alex Meng 7cc4018577 provider/aws: Fix security group rule import (#13630) 2017-04-21 11:38:41 -05:00
Jake Champlin 925265016b
provider/aws: Add plan-level validation for SG CIDR blocks
Adds plan-level validation for both IPv4 and IPv6 CIDR Blocks in an AWS SecurityGroup resource, as well as the AWS Security Group Rule resource.

```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSecurityGroup_invalidCIDRBlock'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/16 11:32:54 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSecurityGroup_invalidCIDRBlock -timeout 120m
=== RUN   TestAccAWSSecurityGroup_invalidCIDRBlock
--- PASS: TestAccAWSSecurityGroup_invalidCIDRBlock (0.01s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    0.017s
```

```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSecurityGroupRule_ExpectInvalidCIDR'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/16 11:46:21 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSecurityGroupRule_ExpectInvalidCIDR -timeout 120m
=== RUN   TestAccAWSSecurityGroupRule_ExpectInvalidCIDR
--- PASS: TestAccAWSSecurityGroupRule_ExpectInvalidCIDR (0.01s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    0.016s
```
2017-03-16 11:49:51 -04:00
Paul Stack 1994b1111d provider/aws: Add support for IPv6 to aws_security_group (#12655)
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSecurityGroup_'                                                                     ✹ ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/13 19:07:33 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSecurityGroup_ -timeout 120m
=== RUN   TestAccAWSSecurityGroup_importBasic
--- PASS: TestAccAWSSecurityGroup_importBasic (48.67s)
=== RUN   TestAccAWSSecurityGroup_importIpv6
--- PASS: TestAccAWSSecurityGroup_importIpv6 (51.71s)
=== RUN   TestAccAWSSecurityGroup_importSelf
--- PASS: TestAccAWSSecurityGroup_importSelf (58.46s)
=== RUN   TestAccAWSSecurityGroup_importSourceSecurityGroup
--- PASS: TestAccAWSSecurityGroup_importSourceSecurityGroup (65.99s)
=== RUN   TestAccAWSSecurityGroup_basic
--- PASS: TestAccAWSSecurityGroup_basic (62.18s)
=== RUN   TestAccAWSSecurityGroup_ipv6
--- PASS: TestAccAWSSecurityGroup_ipv6 (47.38s)
=== RUN   TestAccAWSSecurityGroup_tagsCreatedFirst
--- PASS: TestAccAWSSecurityGroup_tagsCreatedFirst (30.48s)
=== RUN   TestAccAWSSecurityGroup_namePrefix
--- PASS: TestAccAWSSecurityGroup_namePrefix (16.90s)
=== RUN   TestAccAWSSecurityGroup_self
--- PASS: TestAccAWSSecurityGroup_self (45.36s)
=== RUN   TestAccAWSSecurityGroup_vpc
--- PASS: TestAccAWSSecurityGroup_vpc (45.76s)
=== RUN   TestAccAWSSecurityGroup_vpcNegOneIngress
--- PASS: TestAccAWSSecurityGroup_vpcNegOneIngress (44.50s)
=== RUN   TestAccAWSSecurityGroup_vpcProtoNumIngress
--- PASS: TestAccAWSSecurityGroup_vpcProtoNumIngress (45.01s)
=== RUN   TestAccAWSSecurityGroup_MultiIngress
--- PASS: TestAccAWSSecurityGroup_MultiIngress (50.67s)
=== RUN   TestAccAWSSecurityGroup_Change
--- PASS: TestAccAWSSecurityGroup_Change (76.34s)
=== RUN   TestAccAWSSecurityGroup_generatedName
--- PASS: TestAccAWSSecurityGroup_generatedName (46.29s)
=== RUN   TestAccAWSSecurityGroup_DefaultEgress_VPC
--- PASS: TestAccAWSSecurityGroup_DefaultEgress_VPC (48.10s)
=== RUN   TestAccAWSSecurityGroup_DefaultEgress_Classic
--- PASS: TestAccAWSSecurityGroup_DefaultEgress_Classic (16.71s)
=== RUN   TestAccAWSSecurityGroup_drift
--- PASS: TestAccAWSSecurityGroup_drift (22.73s)
=== RUN   TestAccAWSSecurityGroup_drift_complex
--- PASS: TestAccAWSSecurityGroup_drift_complex (54.14s)
=== RUN   TestAccAWSSecurityGroup_tags
--- PASS: TestAccAWSSecurityGroup_tags (74.12s)
=== RUN   TestAccAWSSecurityGroup_CIDRandGroups
--- PASS: TestAccAWSSecurityGroup_CIDRandGroups (55.83s)
=== RUN   TestAccAWSSecurityGroup_ingressWithCidrAndSGs
--- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGs (54.40s)
=== RUN   TestAccAWSSecurityGroup_ingressWithCidrAndSGs_classic
--- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGs_classic (26.93s)
=== RUN   TestAccAWSSecurityGroup_egressWithPrefixList
--- PASS: TestAccAWSSecurityGroup_egressWithPrefixList (61.39s)
=== RUN   TestAccAWSSecurityGroup_failWithDiffMismatch
--- PASS: TestAccAWSSecurityGroup_failWithDiffMismatch (55.93s)
PASS
ok	github.com/hashicorp/terraform/builtin/providers/aws	1136.500s
```
2017-03-14 13:02:50 +02:00
Tom Wilkie dd39296d6c Allow import of aws_security_groups with more than one source_security_group_id rule (#9477)
* Allow import of aws_security_groups with more than one source_security_group_id rule

* Add acceptable test for security group with multiple source rules.
2016-12-09 15:50:51 +00:00
clint shryock 61d795ed44 tidy up tests 2016-09-21 16:12:56 -05:00
Jay Wallace 45da08c67f
Allow use of protocol numbers for ah and esp 2016-09-21 11:52:23 -07:00
Paul Stack 73b10c8186 provider/aws: `aws_security_group` now creates tags as early as possible (#7849)
in the process

Fixes #7577

7577 discovered that sometimes setting tags at the end of the creation
model doesn't quite work for everyone. We now move that further up the
tree by calling the setTags func a second time.

The setTags func in the Update is not called immediately after creation
as we check for it not being a NewResource

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSecurityGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSSecurityGroup_ -timeout 120m
=== RUN   TestAccAWSSecurityGroup_importBasic
--- PASS: TestAccAWSSecurityGroup_importBasic (60.96s)
=== RUN   TestAccAWSSecurityGroup_importSelf
--- PASS: TestAccAWSSecurityGroup_importSelf (72.72s)
=== RUN   TestAccAWSSecurityGroup_basic
--- PASS: TestAccAWSSecurityGroup_basic (62.33s)
=== RUN   TestAccAWSSecurityGroup_namePrefix
--- PASS: TestAccAWSSecurityGroup_namePrefix (22.12s)
=== RUN   TestAccAWSSecurityGroup_self
--- PASS: TestAccAWSSecurityGroup_self (64.26s)
=== RUN   TestAccAWSSecurityGroup_vpc
--- PASS: TestAccAWSSecurityGroup_vpc (58.35s)
=== RUN   TestAccAWSSecurityGroup_vpcNegOneIngress
--- PASS: TestAccAWSSecurityGroup_vpcNegOneIngress (54.95s)
=== RUN   TestAccAWSSecurityGroup_MultiIngress
--- PASS: TestAccAWSSecurityGroup_MultiIngress (64.81s)
=== RUN   TestAccAWSSecurityGroup_Change
--- PASS: TestAccAWSSecurityGroup_Change (96.86s)
=== RUN   TestAccAWSSecurityGroup_generatedName
--- PASS: TestAccAWSSecurityGroup_generatedName (60.75s)
=== RUN   TestAccAWSSecurityGroup_DefaultEgress_VPC
--- PASS: TestAccAWSSecurityGroup_DefaultEgress_VPC (57.05s)
=== RUN   TestAccAWSSecurityGroup_DefaultEgress_Classic
--- PASS: TestAccAWSSecurityGroup_DefaultEgress_Classic (20.94s)
=== RUN   TestAccAWSSecurityGroup_drift
--- PASS: TestAccAWSSecurityGroup_drift (27.39s)
=== RUN   TestAccAWSSecurityGroup_drift_complex
--- PASS: TestAccAWSSecurityGroup_drift_complex (64.62s)
=== RUN   TestAccAWSSecurityGroup_tags
--- PASS: TestAccAWSSecurityGroup_tags (87.49s)
=== RUN   TestAccAWSSecurityGroup_CIDRandGroups
--- PASS: TestAccAWSSecurityGroup_CIDRandGroups (71.62s)
=== RUN   TestAccAWSSecurityGroup_ingressWithCidrAndSGs
--- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGs (69.60s)
=== RUN   TestAccAWSSecurityGroup_ingressWithCidrAndSGs_classic
--- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGs_classic (25.47s)
=== RUN   TestAccAWSSecurityGroup_egressWithPrefixList
--- PASS: TestAccAWSSecurityGroup_egressWithPrefixList (64.46s)
=== RUN   TestAccAWSSecurityGroup_failWithDiffMismatch
--- PASS: TestAccAWSSecurityGroup_failWithDiffMismatch (60.21s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws
1166.983s
```
2016-08-15 15:11:52 +01:00
stevehorsfield 03c2c4408f Add support for 'prefix_list_ids' to AWS VPC security group rules
Prefix list IDs are used when allowing egress to an AWS VPC Endpoint.

See http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html#vpc-endpoints-routing
2016-06-30 15:48:27 -07:00
stevehorsfield 29623f871b Split TestAccAWSSecurityGroup_DefaultEgress into VPC/Classic
This test function tests both VPC and Classic EC2 modes, but not
all accounts have support for both. Splitting them makes it
easier to understand why a test fails when an account only
supports the VPC mode.
2016-06-30 15:47:53 -07:00
Clint 2ba1b0fb01 provider/aws: Populate self in Security Group Rule imports (#7164)
* provider/aws: Populate self in Security Group Rule imports

* provider/aws: Add regression test for SG Rule import
2016-06-30 15:01:38 -05:00
James Bardin a3e2c99219 Add a failing acceptance test from GH-2027 2016-06-16 18:43:15 -04:00
Mitchell Hashimoto 7292c9df25
providers/aws: remove the opt-out stuff for id-only 2016-04-21 08:37:08 -07:00
Mitchell Hashimoto c5c3de4f01
providers/aws: classic SG test should test classic 2016-04-20 16:44:57 -07:00
Mitchell Hashimoto a44c547986
providers/aws: security group id-only 2016-04-20 16:42:00 -07:00
clint shryock 1a2846072c update tests to cover icmp 2016-03-28 13:08:53 -05:00
clint shryock e98d7d706f provider/aws: Convert protocols to standard format for Security Groups
Convert network protocols to their names for keys/state, fixing issue(s) when
using them interchangeably.
2016-03-28 10:32:39 -05:00
ephemeralsnow 54cb5ffe00 provider/aws: Fix EC2 Classic SG Rule issue
Fixes an issue where security groups would fail to update after applying an
initial security_group, because we were improperly saving the id of the group
and not the name (EC2 Classic only).

This is a PR combining https://github.com/hashicorp/terraform/pull/4983 and
https://github.com/hashicorp/terraform/pull/5184 . It's majority
@ephemeralsnow's work.
2016-03-09 09:51:41 -06:00
clint shryock 280054a387 provider/aws: Security Rules drift and sorting changes
This commit adds failing tests to demonstrate the problem presented with AWS
aggregating the security group rules
2016-02-19 16:51:08 -06:00
clint shryock 7462eb1742 provider/aws: Fix issue with detecting drift in AWS Security Groups in-line rules 2016-01-21 11:21:25 -06:00
James Nugent 8e538b68ec Fix errors with gofmt compliance 2015-12-17 12:35:19 -05:00
stack72 6817e0d144 Adding the ability to generate a securitygroup name-prefix 2015-12-04 09:21:08 -05:00
Clint Shryock 0c2f189d08 provider/aws: Update to aws-sdk 0.9.0 rc1 2015-08-17 13:27:16 -05:00
Clint Shryock 579ccbefea provider/aws: Update source to comply with upstream breaking change 2015-07-28 15:29:46 -05:00
Paul Hinze 66c51d44f6 aws/provider convert _normal tests to _basic
For consistency!
2015-06-07 18:04:38 -05:00
Paul Hinze b71fa3d0ae provider/aws: handle upstream aws-sdk-go repo move
`awslabs/aws-sdk-go => aws/aws-sdk-go`

Congrats to upstream on the promotion. :)
2015-06-03 13:36:57 -05:00
Paul Hinze 31258e06c6 provider/aws: fix breakages from awserr refactor
This landed in aws-sdk-go yesterday, breaking the AWS provider in many places:

3c259c9586

Here, with much sedding, grepping, and manual massaging, we attempt to
catch Terraform up to the new `awserr.Error` interface world.
2015-05-20 06:21:23 -05:00
Clint Shryock f7b6b6b2b5 Strip 'sdk' suffix from methods; it's a remnant 2015-05-12 14:58:10 -05:00
Clint Shryock 70984526a4 Merge remote-tracking branch 'ctiwald/ct/fix-protocol-problem'
* ctiwald/ct/fix-protocol-problem:
  aws: Document the odd protocol = "-1" behavior in security groups.
  aws: Fixup structure_test to handle new expandIPPerms behavior.
  aws: Add security group acceptance tests for protocol -1 fixes.
  aws: error on expndIPPerms(...) if our ports and protocol conflict.
2015-05-07 17:13:21 -05:00
Clint Shryock 885efa0837 provider/aws: Add Security Group Rule as a top level resource
- document conflict with sg rules and sg in-line rules
- for this to work, ingress rules need to be computed
2015-05-05 16:56:39 -05:00
Clint Shryock 85b1756c27 revise tests and check for vpc_id 2015-05-05 16:23:26 -05:00
Clint Shryock ee65684abe Add spec for removing default egress rule 2015-05-05 16:23:26 -05:00
Christopher Tiwald 362a6124e3 aws: Add security group acceptance tests for protocol -1 fixes.
These only test ingress rules as egress rules are broken by the
default "0.0.0.0/0" rule Amazon includes with every egressed security
group.
2015-05-04 23:55:32 -04:00
Paul Hinze 079856620a provider/aws: set default SG description
because requiring a SG description is annoying
2015-04-22 13:27:20 -05:00
Paul Hinze 33de319293 provider/aws: allow SG names to be generated 2015-04-22 12:56:06 -05:00
Clint Shryock ba43b7c963 mass search-replace of ec2SDKconn 2015-04-16 15:05:55 -05:00
Clint Shryock ffdd20133a providers/aws: Convert AWS Security Group to upstream aws-sdk-go
Moves structure test lib too, to that `make test` actually runs it
2015-04-09 09:10:04 -05:00
Clint Shryock 87e1260fac update hash for aws security group test 2015-04-02 09:00:47 -05:00
Clint Shryock 755f8d0f44 provider/aws: Fix acceptance test checks for AWS Security Group 2015-03-30 14:54:03 -05:00
Clint Shryock 28fbd971fc Retire goamz 2015-03-13 09:42:50 -05:00
Clint Shryock 57556bba75 Replace tags files with tags_sdk, rename, and update 2015-03-12 16:43:08 -05:00
Clint Shryock 3977256c17 Cleansup: Restore expandIPPerms, remove flattenIPPerms 2015-03-10 16:35:49 -05:00
Clint Shryock 20b02cacd4 provider/aws: Convert AWS Security Group to aws-sdk-go
Convert security group test too
2015-03-09 11:45:58 -05:00
nevins-b 47b244d296 adding support for egress rules in AWS Security Groups 2015-01-23 09:46:20 -05:00
Sander van Harmelen 83c760fcb3 core: refactoring the way sets work internally v2
This is a refactored solution for PR #616. Functionally this is still
the same change, but it’s implemented a lot cleaner with less code and
less changes to existing parts of TF.
2014-12-12 23:21:20 +01:00
Sander van Harmelen eccd5ad308 Refactored about 90%
Still need to update 2 resources and check the acceptance tests, but
overall we’re nearly there 😃
2014-11-21 17:58:34 +01:00
Long Nguyen eef3197ba0 Added security group tagging 2014-10-14 17:11:09 -04:00
Mitchell Hashimoto dbc890e401 providers/aws: add `self` to ingress [GH-219] 2014-09-30 14:19:16 -07:00
Mitchell Hashimoto c5d6df692d providers/aws: tests passing, compiles 2014-09-16 17:49:24 -07:00
Mitchell Hashimoto 56cf1e6faa Fix go vet complaints 2014-08-24 21:50:35 -07:00