Remove aws_network_acl_rule if not found. (#13608)
parent
ce09cc1bb9
commit
da7041f4be
|
@ -163,10 +163,14 @@ func resourceAwsNetworkAclRuleCreate(d *schema.ResourceData, meta interface{}) e
|
||||||
// API (see issue GH-4721). Retry the `findNetworkAclRule` function until it is
|
// API (see issue GH-4721). Retry the `findNetworkAclRule` function until it is
|
||||||
// visible (which in most cases is likely immediately).
|
// visible (which in most cases is likely immediately).
|
||||||
err = resource.Retry(3*time.Minute, func() *resource.RetryError {
|
err = resource.Retry(3*time.Minute, func() *resource.RetryError {
|
||||||
_, findErr := findNetworkAclRule(d, meta)
|
r, findErr := findNetworkAclRule(d, meta)
|
||||||
if findErr != nil {
|
if findErr != nil {
|
||||||
return resource.RetryableError(findErr)
|
return resource.RetryableError(findErr)
|
||||||
}
|
}
|
||||||
|
if r == nil {
|
||||||
|
err := fmt.Errorf("Network ACL rule (%s) not found", d.Id())
|
||||||
|
return resource.RetryableError(err)
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
})
|
})
|
||||||
|
@ -182,6 +186,11 @@ func resourceAwsNetworkAclRuleRead(d *schema.ResourceData, meta interface{}) err
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if resp == nil {
|
||||||
|
log.Printf("[DEBUG] Network ACL rule (%s) not found", d.Id())
|
||||||
|
d.SetId("")
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
d.Set("rule_number", resp.RuleNumber)
|
d.Set("rule_number", resp.RuleNumber)
|
||||||
d.Set("cidr_block", resp.CidrBlock)
|
d.Set("cidr_block", resp.CidrBlock)
|
||||||
|
@ -257,7 +266,11 @@ func findNetworkAclRule(d *schema.ResourceData, meta interface{}) (*ec2.NetworkA
|
||||||
return nil, fmt.Errorf("Error Finding Network Acl Rule %d: %s", d.Get("rule_number").(int), err.Error())
|
return nil, fmt.Errorf("Error Finding Network Acl Rule %d: %s", d.Get("rule_number").(int), err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
if resp == nil || len(resp.NetworkAcls) != 1 || resp.NetworkAcls[0] == nil {
|
if resp == nil || len(resp.NetworkAcls) == 0 || resp.NetworkAcls[0] == nil {
|
||||||
|
// Missing NACL rule.
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
if len(resp.NetworkAcls) > 1 {
|
||||||
return nil, fmt.Errorf(
|
return nil, fmt.Errorf(
|
||||||
"Expected to find one Network ACL, got: %#v",
|
"Expected to find one Network ACL, got: %#v",
|
||||||
resp.NetworkAcls)
|
resp.NetworkAcls)
|
||||||
|
|
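Review bot: In the `resourceAwsNetworkAclRuleRead` hunk the missing rule is logged only at DEBUG before `d.SetId("")`, so a network ACL rule that was deleted out of band leaves no trace at default log levels; suggest `log.Printf("[WARN] Network ACL rule (%s) not found, removing from state", d.Id())`. `findNetworkAclRule` now returns `nil, nil` when the describe response is empty, which is a contract change that every caller has to nil-check; a doc comment such as `// findNetworkAclRule returns (nil, nil) when no matching network ACL is returned.` would make that explicit. Callers other than Create and Read are not visible in these hunks, so confirm that none of them dereferences the result unchecked. The bodies of all three functions continue outside the hunks.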
|
@ -137,6 +137,26 @@ func TestResourceAWSNetworkAclRule_validateICMPArgumentValue(t *testing.T) {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestAccAWSNetworkAclRule_deleteRule(t *testing.T) {
|
||||||
|
var networkAcl ec2.NetworkAcl
|
||||||
|
|
||||||
|
resource.Test(t, resource.TestCase{
|
||||||
|
PreCheck: func() { testAccPreCheck(t) },
|
||||||
|
Providers: testAccProviders,
|
||||||
|
CheckDestroy: testAccCheckAWSNetworkAclRuleDestroy,
|
||||||
|
Steps: []resource.TestStep{
|
||||||
|
{
|
||||||
|
Config: testAccAWSNetworkAclRuleBasicConfig,
|
||||||
|
Check: resource.ComposeTestCheckFunc(
|
||||||
|
testAccCheckAWSNetworkAclRuleExists("aws_network_acl_rule.baz", &networkAcl),
|
||||||
|
testAccCheckAWSNetworkAclRuleDelete("aws_network_acl_rule.baz"),
|
||||||
|
),
|
||||||
|
ExpectNonEmptyPlan: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
func testAccCheckAWSNetworkAclRuleDestroy(s *terraform.State) error {
|
func testAccCheckAWSNetworkAclRuleDestroy(s *terraform.State) error {
|
||||||
|
|
||||||
for _, rs := range s.RootModule().Resources {
|
for _, rs := range s.RootModule().Resources {
|
||||||
|
@ -179,7 +199,7 @@ func testAccCheckAWSNetworkAclRuleExists(n string, networkAcl *ec2.NetworkAcl) r
|
||||||
}
|
}
|
||||||
|
|
||||||
if rs.Primary.ID == "" {
|
if rs.Primary.ID == "" {
|
||||||
return fmt.Errorf("No Network ACL Id is set")
|
return fmt.Errorf("No Network ACL Rule Id is set")
|
||||||
}
|
}
|
||||||
|
|
||||||
req := &ec2.DescribeNetworkAclsInput{
|
req := &ec2.DescribeNetworkAclsInput{
|
||||||
|
@ -209,6 +229,40 @@ func testAccCheckAWSNetworkAclRuleExists(n string, networkAcl *ec2.NetworkAcl) r
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func testAccCheckAWSNetworkAclRuleDelete(n string) resource.TestCheckFunc {
|
||||||
|
return func(s *terraform.State) error {
|
||||||
|
rs, ok := s.RootModule().Resources[n]
|
||||||
|
if !ok {
|
||||||
|
return fmt.Errorf("Not found: %s", n)
|
||||||
|
}
|
||||||
|
|
||||||
|
if rs.Primary.ID == "" {
|
||||||
|
return fmt.Errorf("No Network ACL Rule Id is set")
|
||||||
|
}
|
||||||
|
|
||||||
|
egress, err := strconv.ParseBool(rs.Primary.Attributes["egress"])
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
ruleNo, err := strconv.ParseInt(rs.Primary.Attributes["rule_number"], 10, 64)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
conn := testAccProvider.Meta().(*AWSClient).ec2conn
|
||||||
|
_, err = conn.DeleteNetworkAclEntry(&ec2.DeleteNetworkAclEntryInput{
|
||||||
|
NetworkAclId: aws.String(rs.Primary.Attributes["network_acl_id"]),
|
||||||
|
RuleNumber: aws.Int64(ruleNo),
|
||||||
|
Egress: aws.Bool(egress),
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("Error deleting Network ACL Rule (%s) in testAccCheckAWSNetworkAclRuleDelete: %s", rs.Primary.ID, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
const testAccAWSNetworkAclRuleBasicConfig = `
|
const testAccAWSNetworkAclRuleBasicConfig = `
|
||||||
provider "aws" {
|
provider "aws" {
|
||||||
region = "us-east-1"
|
region = "us-east-1"
|
||||||
|
|
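Review bot: `testAccCheckAWSNetworkAclRuleDelete` is wired in as a check but calls `DeleteNetworkAclEntry`, and nothing in the helper or in `TestAccAWSNetworkAclRule_deleteRule` says that this side effect is intentional; add a doc comment such as `// testAccCheckAWSNetworkAclRuleDelete deletes the rule through the EC2 API to simulate an out-of-band deletion.` The two `strconv` failures return the bare error, so a malformed state attribute would be reported without naming it; `return fmt.Errorf("parsing rule_number %q: %s", rs.Primary.Attributes["rule_number"], err)` (and the same for `egress`) keeps the failure diagnosable. `ExpectNonEmptyPlan: true` only shows that some diff exists after the deletion, so it may be worth asserting more specifically that the rule is planned for re-creation, if the test framework in use supports that.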