diff --git a/builtin/providers/aws/resource_aws_network_acl.go b/builtin/providers/aws/resource_aws_network_acl.go index efdf1a525..e86b0aed5 100644 --- a/builtin/providers/aws/resource_aws_network_acl.go +++ b/builtin/providers/aws/resource_aws_network_acl.go @@ -31,17 +31,19 @@ func resourceAwsNetworkAcl() *schema.Resource { Computed: false, }, "subnet_id": &schema.Schema{ - Type: schema.TypeString, - Optional: true, - ForceNew: true, - Computed: false, - Deprecated: "Attribute subnet_id is deprecated on network_acl resources. Use subnet_ids instead", + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Computed: false, + ConflictsWith: []string{"subnet_ids"}, + Deprecated: "Attribute subnet_id is deprecated on network_acl resources. Use subnet_ids instead", }, "subnet_ids": &schema.Schema{ - Type: schema.TypeList, - Optional: true, - // Computed: true, - Elem: &schema.Schema{Type: schema.TypeString}, + Type: schema.TypeSet, + Optional: true, + ConflictsWith: []string{"subnet_id"}, + Elem: &schema.Schema{Type: schema.TypeString}, + Set: schema.HashString, }, "ingress": &schema.Schema{ Type: schema.TypeSet, @@ -232,19 +234,18 @@ func resourceAwsNetworkAclUpdate(d *schema.ResourceData, meta interface{}) error if d.HasChange("subnet_ids") { o, n := d.GetChange("subnet_ids") - - var pre []string - for _, x := range o.([]interface{}) { - pre = append(pre, x.(string)) + if o == nil { + o = new(schema.Set) + } + if n == nil { + n = new(schema.Set) } - var post []string - for _, x := range n.([]interface{}) { - post = append(post, x.(string)) - } + os := o.(*schema.Set) + ns := n.(*schema.Set) - remove := diffSubnets(pre, post) - add := diffSubnets(post, pre) + remove := os.Difference(ns).List() + add := ns.Difference(os).List() if len(remove) > 0 { // A Network ACL is required for each subnet. In order to disassociate a @@ -254,7 +255,7 @@ func resourceAwsNetworkAclUpdate(d *schema.ResourceData, meta interface{}) error return fmt.Errorf("Failed to find Default ACL for VPC %s", d.Get("vpc_id").(string)) } for _, r := range remove { - association, err := findNetworkAclAssociation(r, conn) + association, err := findNetworkAclAssociation(r.(string), conn) if err != nil { return fmt.Errorf("Failed to find acl association: acl %s with subnet %s: %s", d.Id(), r, err) } @@ -270,7 +271,7 @@ func resourceAwsNetworkAclUpdate(d *schema.ResourceData, meta interface{}) error if len(add) > 0 { for _, a := range add { - association, err := findNetworkAclAssociation(a, conn) + association, err := findNetworkAclAssociation(a.(string), conn) if err != nil { return fmt.Errorf("Failed to find acl association: acl %s with subnet %s: %s", d.Id(), a, err) } @@ -409,7 +410,7 @@ func resourceAwsNetworkAclDelete(d *schema.ResourceData, meta interface{}) error } if v, ok := d.GetOk("subnet_ids"); ok { - ids := v.([]interface{}) + ids := v.(*schema.Set).List() for _, i := range ids { a, err := findNetworkAclAssociation(i.(string), conn) if err != nil { @@ -542,22 +543,3 @@ func networkAclEntriesToMapList(networkAcls []*ec2.NetworkACLEntry) []map[string return result } - -func diffSubnets(o, n []string) []string { - m := make(map[string]int) - - for _, y := range n { - m[y]++ - } - - var ret []string - for _, x := range o { - if m[x] > 0 { - m[x]-- - continue - } - ret = append(ret, x) - } - - return ret -} diff --git a/builtin/providers/aws/resource_aws_network_acl_test.go b/builtin/providers/aws/resource_aws_network_acl_test.go index 1b7ae81cc..075158ef6 100644 --- a/builtin/providers/aws/resource_aws_network_acl_test.go +++ b/builtin/providers/aws/resource_aws_network_acl_test.go @@ -10,72 +10,6 @@ import ( "github.com/hashicorp/terraform/terraform" ) -func TestDiffSubnets(t *testing.T) { - removal := []struct { - First []string - Second []string - Output []string - }{ - {[]string{"old"}, []string{"new"}, []string{"old"}}, - {[]string{"new"}, []string{"old"}, []string{"new"}}, - {[]string{"one", "two"}, []string{"two"}, []string{"one"}}, - { - []string{"subnet-1234", "subnet-5667", "subnet-897"}, - []string{"subnet-1234", "subnet-897"}, - []string{"subnet-5667"}, - }, - { - []string{"subnet-1234", "subnet-897"}, - []string{"subnet-1234", "subnet-5667", "subnet-897"}, - []string{}, - }, - } - for _, tc := range removal { - actual := diffSubnets(tc.First, tc.Second) - if len(actual) != len(tc.Output) { - t.Fatalf("\n\texpected: %#v \n\tactual: %#v\n", tc.Output, actual) - } - - for i, x := range tc.Output { - if x != actual[i] { - t.Fatalf("Network ACL diff does not match, expected %#v, got %#v", x, actual[i]) - } - } - } - - addition := []struct { - First []string - Second []string - Output []string - }{ - {[]string{"old"}, []string{"new"}, []string{"new"}}, - {[]string{"new"}, []string{"old"}, []string{"old"}}, - {[]string{"one", "two"}, []string{"two"}, []string{}}, - { - []string{"subnet-1234", "subnet-5667", "subnet-897"}, - []string{"subnet-1234", "subnet-897"}, - []string{}, - }, - { - []string{"subnet-1234", "subnet-897"}, - []string{"subnet-1234", "subnet-5667", "subnet-897"}, - []string{"subnet-5667"}, - }, - } - for _, tc := range addition { - actual := diffSubnets(tc.Second, tc.First) - if len(actual) != len(tc.Output) { - t.Fatalf("\n\texpected: %#v \n\tactual: %#v\n", tc.Output, actual) - } - - for i, x := range tc.Output { - if x != actual[i] { - t.Fatalf("Network ACL diff does not match, expected %#v, got %#v", x, actual[i]) - } - } - } -} - func TestAccAWSNetworkAcl_EgressAndIngressRules(t *testing.T) { var networkAcl ec2.NetworkACL