provider/aws: Add inplace edit/update DB Security Group Rule Ingress (#7245)
parent
d2df76e01d
commit
dd0850af59
|
@ -46,7 +46,6 @@ func resourceAwsDbSecurityGroup() *schema.Resource {
|
||||||
"ingress": &schema.Schema{
|
"ingress": &schema.Schema{
|
||||||
Type: schema.TypeSet,
|
Type: schema.TypeSet,
|
||||||
Required: true,
|
Required: true,
|
||||||
ForceNew: true,
|
|
||||||
Elem: &schema.Resource{
|
Elem: &schema.Resource{
|
||||||
Schema: map[string]*schema.Schema{
|
Schema: map[string]*schema.Schema{
|
||||||
"cidr": &schema.Schema{
|
"cidr": &schema.Schema{
|
||||||
|
@ -209,6 +208,42 @@ func resourceAwsDbSecurityGroupUpdate(d *schema.ResourceData, meta interface{})
|
||||||
d.SetPartial("tags")
|
d.SetPartial("tags")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if d.HasChange("ingress") {
|
||||||
|
sg, err := resourceAwsDbSecurityGroupRetrieve(d, meta)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
oi, ni := d.GetChange("ingress")
|
||||||
|
if oi == nil {
|
||||||
|
oi = new(schema.Set)
|
||||||
|
}
|
||||||
|
if ni == nil {
|
||||||
|
ni = new(schema.Set)
|
||||||
|
}
|
||||||
|
|
||||||
|
ois := oi.(*schema.Set)
|
||||||
|
nis := ni.(*schema.Set)
|
||||||
|
removeIngress := ois.Difference(nis).List()
|
||||||
|
newIngress := nis.Difference(ois).List()
|
||||||
|
|
||||||
|
// DELETE old Ingress rules
|
||||||
|
for _, ing := range removeIngress {
|
||||||
|
err := resourceAwsDbSecurityGroupRevokeRule(ing, *sg.DBSecurityGroupName, conn)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// ADD new/updated Ingress rules
|
||||||
|
for _, ing := range newIngress {
|
||||||
|
err := resourceAwsDbSecurityGroupAuthorizeRule(ing, *sg.DBSecurityGroupName, conn)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
d.Partial(false)
|
d.Partial(false)
|
||||||
|
|
||||||
return resourceAwsDbSecurityGroupRead(d, meta)
|
return resourceAwsDbSecurityGroupRead(d, meta)
|
||||||
|
@ -293,6 +328,41 @@ func resourceAwsDbSecurityGroupAuthorizeRule(ingress interface{}, dbSecurityGrou
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Revokes the ingress rule on the db security group
|
||||||
|
func resourceAwsDbSecurityGroupRevokeRule(ingress interface{}, dbSecurityGroupName string, conn *rds.RDS) error {
|
||||||
|
ing := ingress.(map[string]interface{})
|
||||||
|
|
||||||
|
opts := rds.RevokeDBSecurityGroupIngressInput{
|
||||||
|
DBSecurityGroupName: aws.String(dbSecurityGroupName),
|
||||||
|
}
|
||||||
|
|
||||||
|
if attr, ok := ing["cidr"]; ok && attr != "" {
|
||||||
|
opts.CIDRIP = aws.String(attr.(string))
|
||||||
|
}
|
||||||
|
|
||||||
|
if attr, ok := ing["security_group_name"]; ok && attr != "" {
|
||||||
|
opts.EC2SecurityGroupName = aws.String(attr.(string))
|
||||||
|
}
|
||||||
|
|
||||||
|
if attr, ok := ing["security_group_id"]; ok && attr != "" {
|
||||||
|
opts.EC2SecurityGroupId = aws.String(attr.(string))
|
||||||
|
}
|
||||||
|
|
||||||
|
if attr, ok := ing["security_group_owner_id"]; ok && attr != "" {
|
||||||
|
opts.EC2SecurityGroupOwnerId = aws.String(attr.(string))
|
||||||
|
}
|
||||||
|
|
||||||
|
log.Printf("[DEBUG] Revoking ingress rule configuration: %#v", opts)
|
||||||
|
|
||||||
|
_, err := conn.RevokeDBSecurityGroupIngress(&opts)
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("Error revoking security group ingress: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func resourceAwsDbSecurityGroupIngressHash(v interface{}) int {
|
func resourceAwsDbSecurityGroupIngressHash(v interface{}) int {
|
||||||
var buf bytes.Buffer
|
var buf bytes.Buffer
|
||||||
m := v.(map[string]interface{})
|
m := v.(map[string]interface{})
|
||||||
|
|
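Review bot: The `d.HasChange("ingress")` block in resourceAwsDbSecurityGroupUpdate returns on the first failed call, so an error in the authorize loop after the revoke loop has run leaves the DB security group with the old rules removed and the new ones not yet added. Revoking first is the safer order for an access-control list, since the intermediate state is narrower rather than wider, but that choice should be stated above the loops, e.g. `// Revoke before authorize: a failure part-way leaves the group more restrictive, never more permissive.` The error from resourceAwsDbSecurityGroupRevokeRule would also be easier to act on if it named the group, `return fmt.Errorf("Error revoking ingress on DB security group %s: %s", dbSecurityGroupName, err)`. The update function begins outside the hunk, so whether partial-state mode is active at this point is only inferred from the surrounding `d.SetPartial("tags")` and `d.Partial(false)` lines.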