providers/aws: fix assertion of non-required cidr blocks in sec groups
fixes #65, #86
This commit is contained in:
Jack Pearkes
parent
44489d2dfe
commit
da4ddef136
|
|
@ -47,34 +47,52 @@ func expandIPPerms(configured []interface{}) ([]ec2.IPPerm, error) {
|
|||
// Loop over our configured permissions and create
|
||||
// an array of goamz/ec2 compatabile objects
|
||||
for _, perm := range configured {
|
||||
// Our permission object
|
||||
newP := perm.(map[string]interface{})
|
||||
|
||||
// Our new returned goamz compatible permission
|
||||
p := ec2.IPPerm{}
|
||||
|
||||
// Ports
|
||||
if attr, ok := newP["from_port"].(string); ok {
|
||||
fromPort, err := strconv.Atoi(attr)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
p.FromPort = fromPort
|
||||
}
|
||||
|
||||
if attr, ok := newP["to_port"].(string); ok {
|
||||
toPort, err := strconv.Atoi(attr)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
p.ToPort = toPort
|
||||
}
|
||||
|
||||
if attr, ok := newP["protocol"].(string); ok {
|
||||
p.Protocol = attr
|
||||
}
|
||||
|
||||
// Loop over the array of sg ids and built
|
||||
// compatibile goamz objects
|
||||
expandedGroups := []ec2.UserSecurityGroup{}
|
||||
configGroups, ok := newP["security_groups"].([]interface{})
|
||||
if ok {
|
||||
gs := expandStringList(configGroups)
|
||||
if secGroups, ok := newP["security_groups"].([]interface{}); ok {
|
||||
expandedGroups := []ec2.UserSecurityGroup{}
|
||||
gs := expandStringList(secGroups)
|
||||
|
||||
for _, g := range gs {
|
||||
newG := ec2.UserSecurityGroup{
|
||||
Id: g,
|
||||
}
|
||||
expandedGroups = append(expandedGroups, newG)
|
||||
}
|
||||
|
||||
p.SourceGroups = expandedGroups
|
||||
}
|
||||
|
||||
fromPort, err := strconv.Atoi(newP["from_port"].(string))
|
||||
toPort, err := strconv.Atoi(newP["to_port"].(string))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Create the permission objet
|
||||
p := ec2.IPPerm{
|
||||
Protocol: newP["protocol"].(string),
|
||||
FromPort: fromPort,
|
||||
ToPort: toPort,
|
||||
SourceIPs: expandStringList(newP["cidr_blocks"].([]interface{})),
|
||||
SourceGroups: expandedGroups,
|
||||
// Expand CIDR blocks
|
||||
if cidrBlocks, ok := newP["cidr_blocks"].([]interface{}); ok {
|
||||
p.SourceIPs = expandStringList(cidrBlocks)
|
||||
}
|
||||
|
||||
perms = append(perms, p)
|
||||
|
|
|
|||
|
|
@ -59,6 +59,51 @@ func Test_expandIPPerms(t *testing.T) {
|
|||
|
||||
}
|
||||
|
||||
func Test_expandIPPerms_bad(t *testing.T) {
|
||||
badConf := map[string]string{
|
||||
"ingress.#": "1",
|
||||
"ingress.0.from_port": "not number",
|
||||
}
|
||||
|
||||
expanded := flatmap.Expand(badConf, "ingress").([]interface{})
|
||||
perms, err := expandIPPerms(expanded)
|
||||
|
||||
if err == nil {
|
||||
t.Fatalf("should have err: %#v", perms)
|
||||
}
|
||||
}
|
||||
|
||||
func Test_expandIPPerms_NoCidr(t *testing.T) {
|
||||
conf := testConf()
|
||||
delete(conf, "ingress.0.cidr_blocks.#")
|
||||
delete(conf, "ingress.0.cidr_blocks.0")
|
||||
|
||||
expanded := flatmap.Expand(conf, "ingress").([]interface{})
|
||||
perms, err := expandIPPerms(expanded)
|
||||
|
||||
if err != nil {
|
||||
t.Fatalf("bad: %#v", err)
|
||||
}
|
||||
expected := ec2.IPPerm{
|
||||
Protocol: "icmp",
|
||||
FromPort: 1,
|
||||
ToPort: -1,
|
||||
SourceGroups: []ec2.UserSecurityGroup{
|
||||
ec2.UserSecurityGroup{
|
||||
Id: "sg-11111",
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
if !reflect.DeepEqual(perms[0], expected) {
|
||||
t.Fatalf(
|
||||
"Got:\n\n%#v\n\nExpected:\n\n%#v\n",
|
||||
perms[0],
|
||||
expected)
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
func Test_flattenIPPerms(t *testing.T) {
|
||||
cases := []struct {
|
||||
Input []ec2.IPPerm
|
||||
|
|
|
|||
Loading…
Reference in New Issue