From 339f2bd21f33fc68b0e3dbd5c82f6eb0942f6780 Mon Sep 17 00:00:00 2001 From: Clint Shryock Date: Fri, 29 May 2015 16:48:50 -0500 Subject: [PATCH] provider/aws: Add support for ICMP Protocol in Network ACLs - added icmp_type attribute - added icmp_code attribute - fixed an issue hiding the error --- builtin/providers/aws/network_acl_entry.go | 12 +++++++ .../providers/aws/resource_aws_network_acl.go | 31 ++++++++++++++++++- .../providers/aws/r/network_acl.html.markdown | 4 +++ 3 files changed, 46 insertions(+), 1 deletion(-) diff --git a/builtin/providers/aws/network_acl_entry.go b/builtin/providers/aws/network_acl_entry.go index 7ba87712c..e328d1ae4 100644 --- a/builtin/providers/aws/network_acl_entry.go +++ b/builtin/providers/aws/network_acl_entry.go @@ -34,6 +34,18 @@ func expandNetworkAclEntries(configured []interface{}, entryType string) ([]*ec2 RuleNumber: aws.Long(int64(data["rule_no"].(int))), CIDRBlock: aws.String(data["cidr_block"].(string)), } + + // Specify additional required fields for ICMP + if p == 1 { + e.ICMPTypeCode = &ec2.ICMPTypeCode{} + if v, ok := data["icmp_code"]; ok { + e.ICMPTypeCode.Code = aws.Long(int64(v.(int))) + } + if v, ok := data["icmp_type"]; ok { + e.ICMPTypeCode.Type = aws.Long(int64(v.(int))) + } + } + entries = append(entries, e) } return entries, nil diff --git a/builtin/providers/aws/resource_aws_network_acl.go b/builtin/providers/aws/resource_aws_network_acl.go index 4ff439493..78a72eb89 100644 --- a/builtin/providers/aws/resource_aws_network_acl.go +++ b/builtin/providers/aws/resource_aws_network_acl.go @@ -76,6 +76,14 @@ func resourceAwsNetworkAcl() *schema.Resource { Type: schema.TypeString, Optional: true, }, + "icmp_type": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + }, + "icmp_code": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + }, }, }, Set: resourceAwsNetworkAclEntryHash, 
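Review bot: In the `if p == 1` block of the first hunk, the `ok` tests on `data["icmp_code"]` and `data["icmp_type"]` likely never fail, because an optional `schema.TypeInt` inside a set element is normally present with its zero value. An ICMP rule that omits both attributes is therefore sent as type 0 / code 0 (echo reply), whereas EC2 uses -1 for "all types/codes", so a deny rule written without them blocks far less ICMP than its author may expect. I would say so above the block, e.g. `// unset icmp_type/icmp_code arrive as 0 (echo reply), not -1 (all); set -1 explicitly to match all ICMP`, or handle the unset case separately if the schema can distinguish it. The body of expandNetworkAclEntries starts outside this hunk, so how `p` is derived is not visible here.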
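Review bot: `icmp_type` and `icmp_code` accept any integer, both in this schema block and in the identical one added by the `@@ -110,6 +118,14` hunk, and nothing visible rejects a value outside -1..255 before it is handed to `aws.Long`. A mistyped value would presumably surface only as an API error at apply time, after other entries may already have been changed. Since expandNetworkAclEntries already returns an error, a range check there would fail before any call is made, e.g. `if t < -1 || t > 255 { return nil, fmt.Errorf("icmp_type %d is out of range (-1 to 255)", t) }`, with the same check for the code. The schema map continues outside the hunk.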
@@ -110,6 +118,14 @@ func resourceAwsNetworkAcl() *schema.Resource { Type: schema.TypeString, Optional: true, }, + "icmp_type": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + }, + "icmp_code": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + }, }, }, Set: resourceAwsNetworkAclEntryHash, @@ -377,9 +393,10 @@ func updateNetworkAclEntries(d *schema.ResourceData, entryType string, conn *ec2 Protocol: add.Protocol, RuleAction: add.RuleAction, RuleNumber: add.RuleNumber, + ICMPTypeCode: add.ICMPTypeCode, }) if connErr != nil { - return fmt.Errorf("Error creating %s entry: %s", entryType, err) + return fmt.Errorf("Error creating %s entry: %s", entryType, connErr) } } return nil @@ -466,6 +483,13 @@ func resourceAwsNetworkAclEntryHash(v interface{}) int { buf.WriteString(fmt.Sprintf("%s-", v.(string))) } + if v, ok := m["icmp_type"]; ok { + buf.WriteString(fmt.Sprintf("%d-", v.(int))) + } + if v, ok := m["icmp_code"]; ok { + buf.WriteString(fmt.Sprintf("%d-", v.(int))) + } + return hashcode.String(buf.String()) } @@ -538,6 +562,11 @@ func networkAclEntriesToMapList(networkAcls []*ec2.NetworkACLEntry) []map[string acl["to_port"] = *entry.PortRange.To } + if entry.ICMPTypeCode != nil { + acl["icmp_type"] = *entry.ICMPTypeCode.Type + acl["icmp_code"] = *entry.ICMPTypeCode.Code + } + result = append(result, acl) } diff --git a/website/source/docs/providers/aws/r/network_acl.html.markdown b/website/source/docs/providers/aws/r/network_acl.html.markdown index 3451b55ff..1dc11e902 100644 --- a/website/source/docs/providers/aws/r/network_acl.html.markdown +++ b/website/source/docs/providers/aws/r/network_acl.html.markdown 
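Review bot: The `@@ -466,6 +483,13` hunk writes `icmp_type` and `icmp_code` into the hash for every entry, while expandNetworkAclEntries only sends them when `p == 1`. Two non-ICMP rules that differ only in a stray `icmp_type` would then hash as different set members although they produce the same EC2 entry. The asymmetry also matters on the read side, because networkAclEntriesToMapList sets these keys only when `ICMPTypeCode` is non-nil. I would either hash the two values only when the entry's protocol is ICMP, or add a comment such as `// icmp_* are hashed for all protocols; non-ICMP rules must leave them at 0`. The protocol handling in resourceAwsNetworkAclEntryHash lies outside the hunk, so the guard would have to reuse whatever it already resolves there.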
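Review bot: In the `@@ -538,6 +562,11` hunk, `*entry.ICMPTypeCode.Type` and `*entry.ICMPTypeCode.Code` are dereferenced after checking only that `ICMPTypeCode` itself is non-nil, so a response with one of the two fields unset would panic the provider. Guarding each pointer avoids that: `if tc := entry.ICMPTypeCode; tc != nil && tc.Type != nil && tc.Code != nil {`. The stored values also look like int64 (the expand side builds them with `aws.Long(int64(...))`), while the schema is `TypeInt` and the hash function asserts `v.(int)`. If this map ever reaches resourceAwsNetworkAclEntryHash, `acl["icmp_type"] = int(*tc.Type)` would be the safer form, though the existing `to_port` line follows the same pattern, so confirm how the result is consumed. The function starts and ends outside the hunk.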
@@ -62,6 +62,10 @@ Both `egress` and `ingress` support the following keys: protocol, you must specify a from and to port of 0. * `cidr_block` - (Optional) The CIDR block to match. This must be a valid network mask. +* `icmp_type` - (Optional) The ICMP type to be used. Default 0. +* `icmp_code` - (Optional) The ICMP type code to be used. Default 0. + +~> Note: For more information on ICMP types and codes, see here: http://www.nthelp.com/icmp.html ## Attributes Reference