From 81003fa6b10913dd02dbcb16a539c95e5bb3a182 Mon Sep 17 00:00:00 2001
From: Krzysztof Wilczynski
Date: Sat, 16 Jul 2016 03:28:09 +0900
Subject: [PATCH] Fix icmp_type and icmp_code in aws_network_acl_rule.

The ICMP type 0 (Echo Reply) was not handled correctly. This commit changes the type of attributes "icmp_type" and "icmp_code" from TypeInt to TypeString, allowing for the string value to be manually converted into an integer. This enables an integer values such as -1, 0, 8, etc., coming from the resource definition in the template to be handled correctly.

Signed-off-by: Krzysztof Wilczynski
---
 .../aws/resource_aws_network_acl_rule.go | 21 ++++++++++++++-----
 .../aws/resource_aws_network_acl_rule_test.go | 14 +++++++++++--
 2 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_network_acl_rule.go b/builtin/providers/aws/resource_aws_network_acl_rule.go
index b27f908d2b..be347daf3f 100644
--- a/builtin/providers/aws/resource_aws_network_acl_rule.go
+++ b/builtin/providers/aws/resource_aws_network_acl_rule.go
@@ -63,12 +63,12 @@ func resourceAwsNetworkAclRule() *schema.Resource {
 ForceNew: true,
 },
 "icmp_type": &schema.Schema{
- Type: schema.TypeInt,
+ Type: schema.TypeString,
 Optional: true,
 ForceNew: true,
 },
 "icmp_code": &schema.Schema{
- Type: schema.TypeInt,
+ Type: schema.TypeString,
 Optional: true,
 ForceNew: true,
 },
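Review bot: With `icmp_type` and `icmp_code` now `TypeString`, nothing in the schema rejects a non-numeric or out-of-range value, so a mistake is only caught when the create path parses the string during apply. Both attributes could carry a validator, e.g. `ValidateFunc: validateICMPArgumentValue,` (a new helper to add), that checks the string parses as an integer between -1 and 255, so the error surfaces at plan time. The schema should also note that -1 matches every type or code, since a network ACL rule written that way admits more ICMP traffic than a reader may expect. resourceAwsNetworkAclRule starts and ends outside the hunk, and whether the read path writes the API's integer values back into these string attributes cannot be seen here and should be checked.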
@@ -103,14 +103,25 @@ func resourceAwsNetworkAclRuleCreate(d *schema.ResourceData, meta interface{}) e
 },
 }
 
- // Specify additional required fields for ICMP
+ // Specify additional required fields for ICMP. For the list
+ // of ICMP codes and types, see: http://www.nthelp.com/icmp.html
 if p == 1 {
 params.IcmpTypeCode = &ec2.IcmpTypeCode{}
 if v, ok := d.GetOk("icmp_code"); ok {
- params.IcmpTypeCode.Code = aws.Int64(int64(v.(int)))
+ icmpCode, err := strconv.Atoi(v.(string))
+ if err != nil {
+ return fmt.Errorf("Unable to parse ICMP code %s for rule %#v", v, d.Get("rule_number").(int))
+ }
+ params.IcmpTypeCode.Code = aws.Int64(int64(icmpCode))
+ log.Printf("[DEBUG] Transformed ICMP code %s into %d", v, icmpCode)
 }
 if v, ok := d.GetOk("icmp_type"); ok {
- params.IcmpTypeCode.Type = aws.Int64(int64(v.(int)))
+ icmpType, err := strconv.Atoi(v.(string))
+ if err != nil {
+ return fmt.Errorf("Unable to parse ICMP type %s for rule %#v", v, d.Get("rule_number").(int))
+ }
+ params.IcmpTypeCode.Type = aws.Int64(int64(icmpType))
+ log.Printf("[DEBUG] Transformed ICMP type %s into %d", v, icmpType)
 }
 }
 
diff --git a/builtin/providers/aws/resource_aws_network_acl_rule_test.go b/builtin/providers/aws/resource_aws_network_acl_rule_test.go
index 56973b1d47..95682bf410 100644
--- a/builtin/providers/aws/resource_aws_network_acl_rule_test.go
+++ b/builtin/providers/aws/resource_aws_network_acl_rule_test.go
@@ -23,7 +23,8 @@ func TestAccAWSNetworkAclRule_basic(t *testing.T) {
 resource.TestStep{
 Config: testAccAWSNetworkAclRuleBasicConfig,
 Check: resource.ComposeTestCheckFunc(
- testAccCheckAWSNetworkAclRuleExists("aws_network_acl_rule.bar", &networkAcl),
+ testAccCheckAWSNetworkAclRuleExists("aws_network_acl_rule.baz", &networkAcl),
+ testAccCheckAWSNetworkAclRuleExists("aws_network_acl_rule.quux", &networkAcl),
 ),
 },
 },
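Review bot: Both new error returns discard the `err` from `strconv.Atoi`, so the user learns that parsing failed but not why, and `%s` hides stray whitespace in the offending value. In the `icmp_code` branch I would write `return fmt.Errorf("Unable to parse ICMP code %q for rule %d: %s", v, d.Get("rule_number").(int), err)` and mirror it in the `icmp_type` branch. The parsed integer is then passed on with no range check, so anything outside -1..255 reaches the EC2 request unchanged; a bound check here or in the schema would fail earlier and more clearly. The two branches differ only in the field name and could share one small parsing helper. resourceAwsNetworkAclRuleCreate begins and ends outside the hunk.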
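Review bot: The two `testAccCheckAWSNetworkAclRuleExists` calls only confirm that the rules exist; nothing asserts that rule 300 was stored with ICMP type 0 and code -1, which is the behaviour this commit is meant to fix. I would add a check after them that finds entry 300 in the fetched `networkAcl` and compares its `IcmpTypeCode.Type` and `IcmpTypeCode.Code` with 0 and -1. Both calls also pass the same `&networkAcl`, so, assuming the helper assigns through that pointer (its body is outside the hunk), the second call overwrites what the first stored; this is harmless while both rules share one ACL but worth a short comment.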
@@ -112,7 +113,7 @@ resource "aws_vpc" "foo" {
 resource "aws_network_acl" "bar" {
 vpc_id = "${aws_vpc.foo.id}"
 }
-resource "aws_network_acl_rule" "bar" {
+resource "aws_network_acl_rule" "baz" {
 network_acl_id = "${aws_network_acl.bar.id}"
 rule_number = 200
 egress = false
@@ -122,4 +123,13 @@ resource "aws_network_acl_rule" "bar" {
 from_port = 22
 to_port = 22
 }
+resource "aws_network_acl_rule" "quux" {
+ network_acl_id = "${aws_network_acl.bar.id}"
+ rule_number = 300
+ protocol = "icmp"
+ rule_action = "allow"
+ cidr_block = "0.0.0.0/0"
+ icmp_type = 0
+ icmp_code = -1
+}
 `