providers/aws: expandIPPerms works again
This commit is contained in:
Mitchell Hashimoto
parent
33a7d32f40
commit
a594ef9a28
|
|
@ -3,7 +3,6 @@ package aws
|
|||
import (
|
||||
"fmt"
|
||||
"log"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/hashicorp/terraform/helper/resource"
|
||||
|
|
@ -16,6 +15,7 @@ func resourceAwsSecurityGroup() *schema.Resource {
|
|||
return &schema.Resource{
|
||||
Create: resourceAwsSecurityGroupCreate,
|
||||
Read: resourceAwsSecurityGroupRead,
|
||||
Update: resourceAwsSecurityGroupUpdate,
|
||||
Delete: resourceAwsSecurityGroupDelete,
|
||||
|
||||
Schema: map[string]*schema.Schema{
|
||||
|
|
@ -130,43 +130,7 @@ func resourceAwsSecurityGroupCreate(d *schema.ResourceData, meta interface{}) er
|
|||
}
|
||||
ingressList := ingressRaw.([]interface{})
|
||||
if len(ingressList) > 0 {
|
||||
ingressRules := make([]ec2.IPPerm, len(ingressList))
|
||||
for i, mRaw := range ingressList {
|
||||
var perm ec2.IPPerm
|
||||
m := mRaw.(map[string]interface{})
|
||||
|
||||
perm.FromPort = m["from_port"].(int)
|
||||
perm.ToPort = m["to_port"].(int)
|
||||
perm.Protocol = m["protocol"].(string)
|
||||
|
||||
if raw, ok := m["security_groups"]; ok {
|
||||
list := raw.([]interface{})
|
||||
perm.SourceGroups = make([]ec2.UserSecurityGroup, len(list))
|
||||
for i, v := range list {
|
||||
name := v.(string)
|
||||
ownerId, id := "", name
|
||||
if items := strings.Split(id, "/"); len(items) > 1 {
|
||||
ownerId, id = items[0], items[1]
|
||||
}
|
||||
|
||||
perm.SourceGroups[i] = ec2.UserSecurityGroup{
|
||||
Id: id,
|
||||
OwnerId: ownerId,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if raw, ok := m["cidr_blocks"]; ok {
|
||||
list := raw.([]interface{})
|
||||
perm.SourceIPs = make([]string, len(list))
|
||||
for i, v := range list {
|
||||
perm.SourceIPs[i] = v.(string)
|
||||
}
|
||||
}
|
||||
|
||||
ingressRules[i] = perm
|
||||
}
|
||||
|
||||
ingressRules := expandIPPerms(ingressList)
|
||||
_, err = ec2conn.AuthorizeSecurityGroup(group, ingressRules)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error authorizing security group ingress rules: %s", err)
|
||||
|
|
@ -176,6 +140,10 @@ func resourceAwsSecurityGroupCreate(d *schema.ResourceData, meta interface{}) er
|
|||
return resourceAwsSecurityGroupRead(d, meta)
|
||||
}
|
||||
|
||||
func resourceAwsSecurityGroupUpdate(d *schema.ResourceData, meta interface{}) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func resourceAwsSecurityGroupDelete(d *schema.ResourceData, meta interface{}) error {
|
||||
p := meta.(*ResourceProvider)
|
||||
ec2conn := p.ec2conn
|
||||
|
|
|
|||
|
|
@ -41,69 +41,45 @@ func expandListeners(configured []interface{}) ([]elb.Listener, error) {
|
|||
|
||||
// Takes the result of flatmap.Expand for an array of ingress/egress
|
||||
// security group rules and returns EC2 API compatible objects
|
||||
func expandIPPerms(configured []interface{}) ([]ec2.IPPerm, error) {
|
||||
perms := make([]ec2.IPPerm, 0, len(configured))
|
||||
func expandIPPerms(configured []interface{}) []ec2.IPPerm {
|
||||
perms := make([]ec2.IPPerm, len(configured))
|
||||
for i, mRaw := range configured {
|
||||
var perm ec2.IPPerm
|
||||
m := mRaw.(map[string]interface{})
|
||||
|
||||
// Loop over our configured permissions and create
|
||||
// an array of goamz/ec2 compatabile objects
|
||||
for _, perm := range configured {
|
||||
// Our permission object
|
||||
newP := perm.(map[string]interface{})
|
||||
perm.FromPort = m["from_port"].(int)
|
||||
perm.ToPort = m["to_port"].(int)
|
||||
perm.Protocol = m["protocol"].(string)
|
||||
|
||||
// Our new returned goamz compatible permission
|
||||
p := ec2.IPPerm{}
|
||||
|
||||
// Ports
|
||||
if attr, ok := newP["from_port"].(string); ok {
|
||||
fromPort, err := strconv.Atoi(attr)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
p.FromPort = fromPort
|
||||
}
|
||||
|
||||
if attr, ok := newP["to_port"].(string); ok {
|
||||
toPort, err := strconv.Atoi(attr)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
p.ToPort = toPort
|
||||
}
|
||||
|
||||
if attr, ok := newP["protocol"].(string); ok {
|
||||
p.Protocol = attr
|
||||
}
|
||||
|
||||
// Loop over the array of sg ids and built
|
||||
// compatibile goamz objects
|
||||
if secGroups, ok := newP["security_groups"].([]interface{}); ok {
|
||||
expandedGroups := []ec2.UserSecurityGroup{}
|
||||
gs := expandStringList(secGroups)
|
||||
|
||||
for _, g := range gs {
|
||||
ownerId, id := "", g
|
||||
if items := strings.Split(g, "/"); len(items) > 1 {
|
||||
if raw, ok := m["security_groups"]; ok {
|
||||
list := raw.([]interface{})
|
||||
perm.SourceGroups = make([]ec2.UserSecurityGroup, len(list))
|
||||
for i, v := range list {
|
||||
name := v.(string)
|
||||
ownerId, id := "", name
|
||||
if items := strings.Split(id, "/"); len(items) > 1 {
|
||||
ownerId, id = items[0], items[1]
|
||||
}
|
||||
newG := ec2.UserSecurityGroup{
|
||||
Id: id,
|
||||
|
||||
perm.SourceGroups[i] = ec2.UserSecurityGroup{
|
||||
Id: id,
|
||||
OwnerId: ownerId,
|
||||
}
|
||||
expandedGroups = append(expandedGroups, newG)
|
||||
}
|
||||
|
||||
p.SourceGroups = expandedGroups
|
||||
}
|
||||
|
||||
// Expand CIDR blocks
|
||||
if cidrBlocks, ok := newP["cidr_blocks"].([]interface{}); ok {
|
||||
p.SourceIPs = expandStringList(cidrBlocks)
|
||||
if raw, ok := m["cidr_blocks"]; ok {
|
||||
list := raw.([]interface{})
|
||||
perm.SourceIPs = make([]string, len(list))
|
||||
for i, v := range list {
|
||||
perm.SourceIPs[i] = v.(string)
|
||||
}
|
||||
}
|
||||
|
||||
perms = append(perms, p)
|
||||
perms[i] = perm
|
||||
}
|
||||
|
||||
return perms, nil
|
||||
return perms
|
||||
}
|
||||
|
||||
// Flattens an array of ipPerms into a list of primitives that
|
||||
|
|
|
|||
|
|
@ -33,12 +33,20 @@ func testConf() map[string]string {
|
|||
}
|
||||
|
||||
func Test_expandIPPerms(t *testing.T) {
|
||||
expanded := flatmap.Expand(testConf(), "ingress").([]interface{})
|
||||
perms, err := expandIPPerms(expanded)
|
||||
|
||||
if err != nil {
|
||||
t.Fatalf("bad: %#v", err)
|
||||
expanded := []interface{}{
|
||||
map[string]interface{}{
|
||||
"protocol": "icmp",
|
||||
"from_port": 1,
|
||||
"to_port": -1,
|
||||
"cidr_blocks": []interface{}{"0.0.0.0/0"},
|
||||
"security_groups": []interface{}{
|
||||
"sg-11111",
|
||||
"foo/sg-22222",
|
||||
},
|
||||
},
|
||||
}
|
||||
perms := expandIPPerms(expanded)
|
||||
|
||||
expected := ec2.IPPerm{
|
||||
Protocol: "icmp",
|
||||
FromPort: 1,
|
||||
|
|
@ -50,56 +58,7 @@ func Test_expandIPPerms(t *testing.T) {
|
|||
},
|
||||
ec2.UserSecurityGroup{
|
||||
OwnerId: "foo",
|
||||
Id: "sg-22222",
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
if !reflect.DeepEqual(perms[0], expected) {
|
||||
t.Fatalf(
|
||||
"Got:\n\n%#v\n\nExpected:\n\n%#v\n",
|
||||
perms[0],
|
||||
expected)
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
func Test_expandIPPerms_bad(t *testing.T) {
|
||||
badConf := map[string]string{
|
||||
"ingress.#": "1",
|
||||
"ingress.0.from_port": "not number",
|
||||
}
|
||||
|
||||
expanded := flatmap.Expand(badConf, "ingress").([]interface{})
|
||||
perms, err := expandIPPerms(expanded)
|
||||
|
||||
if err == nil {
|
||||
t.Fatalf("should have err: %#v", perms)
|
||||
}
|
||||
}
|
||||
|
||||
func Test_expandIPPerms_NoCidr(t *testing.T) {
|
||||
conf := testConf()
|
||||
delete(conf, "ingress.0.cidr_blocks.#")
|
||||
delete(conf, "ingress.0.cidr_blocks.0")
|
||||
|
||||
expanded := flatmap.Expand(conf, "ingress").([]interface{})
|
||||
perms, err := expandIPPerms(expanded)
|
||||
|
||||
if err != nil {
|
||||
t.Fatalf("bad: %#v", err)
|
||||
}
|
||||
expected := ec2.IPPerm{
|
||||
Protocol: "icmp",
|
||||
FromPort: 1,
|
||||
ToPort: -1,
|
||||
SourceGroups: []ec2.UserSecurityGroup{
|
||||
ec2.UserSecurityGroup{
|
||||
Id: "sg-11111",
|
||||
},
|
||||
ec2.UserSecurityGroup{
|
||||
OwnerId: "foo",
|
||||
Id: "sg-22222",
|
||||
Id: "sg-22222",
|
||||
},
|
||||
},
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue