providers/aws: egress and ingress for sg

12 years ago · 47468c32a4
parent 3318fe97dc
commit 47468c32a4
3 changed files with 96 additions and 0 deletions
--- a/builtin/providers/aws/resource_aws_security_group.go
+++ b/builtin/providers/aws/resource_aws_security_group.go
@ -6,6 +6,7 @@ import (

 	"github.com/hashicorp/terraform/helper/diff"
 	"github.com/hashicorp/terraform/terraform"
+	"github.com/hashicorp/terraform/flatmap"
 	"github.com/mitchellh/goamz/ec2"
 )

@ -33,9 +34,32 @@ func resource_aws_security_group_create(
 	}

 	rs.ID = createResp.Id
+	group := createResp.SecurityGroup

 	log.Printf("[INFO] Security Group ID: %s", rs.ID)

+	// Expand the "ingress" array to goamz compat []ec2.IPPerm
+	v := flatmap.Expand(rs.Attributes, "ingress").([]interface{})
+	ingressRules := expandIPPerms(v)
+
+	// Expand the "egress" array to goamz compat []ec2.IPPerm
+	v = flatmap.Expand(rs.Attributes, "egress").([]interface{})
+	egressRules := expandIPPerms(v)
+
+	if len(egressRules) > 0 {
+		_, err = ec2conn.AuthorizeSecurityGroupEgress(group, egressRules)
+		if err != nil {
+			return rs, fmt.Errorf("Error authorizing security group egress rules: %s", err)
+		}
+	}
+
+	if len(egressRules) > 0 {
+		_, err = ec2conn.AuthorizeSecurityGroup(group, ingressRules)
+		if err != nil {
+			return rs, fmt.Errorf("Error authorizing security group ingress rules: %s", err)
+		}
+	}
+
 	sg, err := resource_aws_security_group_retrieve(rs.ID, ec2conn)
 	if err != nil {
 		return rs, err
--- a/builtin/providers/aws/structure.go
+++ b/builtin/providers/aws/structure.go
@ -1,7 +1,9 @@
 package aws

 import (
+	"github.com/mitchellh/goamz/ec2"
 	"github.com/mitchellh/goamz/elb"
+	"log"
 )

 // Takes the result of flatmap.Expand for an array of listeners and
@ -27,6 +29,43 @@ func expandListeners(configured []interface{}) []elb.Listener {
 	return listeners
 }

+// Takes the result of flatmap.Expand for an array of ingress/egress
+// security group rules and returns EC2 API compatible objects
+func expandIPPerms(configured []interface{}) []ec2.IPPerm {
+	perms := make([]ec2.IPPerm, 0, len(configured))
+
+	// Loop over our configured permissions and create
+	// an array of goamz/ec2 compatabile objects
+	for _, perm := range configured {
+		newP := perm.(map[string]interface{})
+		log.Println(newP)
+
+		// Loop over the array of sg ids and built
+		// compatibile goamz objects
+		groups := expandStringList(newP["security_groups"].([]interface{}))
+		expandedGroups := make([]ec2.UserSecurityGroup, 0, len(groups))
+		for _, g := range groups {
+			newG := ec2.UserSecurityGroup{
+				Id: g,
+			}
+			expandedGroups = append(expandedGroups, newG)
+		}
+
+		// Create the permission objet
+		p := ec2.IPPerm{
+			Protocol:     newP["protocol"].(string),
+			FromPort:     newP["from_port"].(int),
+			ToPort:       newP["to_port"].(int),
+			SourceIPs:    expandStringList(newP["cidr_blocks"].([]interface{})),
+			SourceGroups: expandedGroups,
+		}
+
+		perms = append(perms, p)
+	}
+
+	return perms
+}
+
 // Takes the result of flatmap.Expand for an array of strings
 // and returns a []string
 func expandStringList(configured []interface{}) []string {
--- a/builtin/providers/aws/structure_test.go
+++ b/builtin/providers/aws/structure_test.go
@ -5,6 +5,7 @@ import (
 	"testing"

 	"github.com/hashicorp/terraform/flatmap"
+	"github.com/mitchellh/goamz/ec2"
 	"github.com/mitchellh/goamz/elb"
 )

@ -19,9 +20,41 @@ func testConf() map[string]string {
 		"availability_zones.#":         "2",
 		"availability_zones.0":         "us-east-1a",
 		"availability_zones.1":         "us-east-1b",
+		"egress.#":                     "1",
+		"egress.0.protocol":            "icmp",
+		"egress.0.from_port":           "1",
+		"egress.0.to_port":             "-1",
+		"egress.0.cidr_blocks.#":       "1",
+		"egress.0.cidr_blocks.0":       "0.0.0.0/0",
+		"egress.0.security_groups.#":   "1",
+		"egress.0.security_groups.0":   "sg-11111",
 	}
 }

+func Test_expandIPPerms(t *testing.T) {
+	expanded := flatmap.Expand(testConf(), "egress").([]interface{})
+	perms := expandIPPerms(expanded)
+	expected := ec2.IPPerm{
+		Protocol:  "icmp",
+		FromPort:  1,
+		ToPort:    -1,
+		SourceIPs: []string{"0.0.0.0/0"},
+		SourceGroups: []ec2.UserSecurityGroup{
+			ec2.UserSecurityGroup{
+				Id: "sg-11111",
+			},
+		},
+	}
+
+	if !reflect.DeepEqual(perms[0], expected) {
+		t.Fatalf(
+			"Got:\n\n%#v\n\nExpected:\n\n%#v\n",
+			perms[0],
+			expected)
+	}
+
+}
+
 func Test_expandListeners(t *testing.T) {
 	expanded := flatmap.Expand(testConf(), "listener").([]interface{})
 	listeners := expandListeners(expanded)