Merge pull request #631 from snehaso/network_acl

aws_network_acl: return error if rule protocol is invalid
12 years ago · 82e60bb3cd
parent f1cb297c59 aad594aed3
commit 82e60bb3cd
3 changed files with 19 additions and 5 deletions
--- a/builtin/providers/aws/network_acl_entry.go
+++ b/builtin/providers/aws/network_acl_entry.go
@ -2,12 +2,18 @@ package aws

 import (
 	"github.com/mitchellh/goamz/ec2"
+	"fmt"
 )

-func expandNetworkAclEntries(configured []interface{}, entryType string) []ec2.NetworkAclEntry {
+func expandNetworkAclEntries(configured []interface{}, entryType string) ([]ec2.NetworkAclEntry, error) {
 	entries := make([]ec2.NetworkAclEntry, 0, len(configured))
 	for _, eRaw := range configured {
 		data := eRaw.(map[string]interface{})
+		protocol := data["protocol"].(string)
+		_, ok := protocolIntegers()[protocol]
+		if(!ok){
+			return nil, fmt.Errorf("Invalid Protocol %s for rule %#v", protocol, data)
+		}
 		p := extractProtocolInteger(data["protocol"].(string))
 		e := ec2.NetworkAclEntry{
 			Protocol: p,
@ -23,7 +29,7 @@ func expandNetworkAclEntries(configured []interface{}, entryType string) []ec2.N
 		entries = append(entries, e)
 	}

-	return entries
+	return entries, nil

 }

@ -63,6 +69,7 @@ func protocolIntegers() map[string]int {
 		"udp":  17,
 		"tcp":  6,
 		"icmp": 1,
+		"all": -1,
 	}
 	return protocolIntegers
 }
--- a/builtin/providers/aws/network_acl_entry_test.go
+++ b/builtin/providers/aws/network_acl_entry_test.go
@ -26,7 +26,7 @@ func Test_expandNetworkAclEntry(t *testing.T) {
 			"rule_no":    2,
 		},
 	}
-	expanded := expandNetworkAclEntries(input, "egress")
+	expanded, _ := expandNetworkAclEntries(input, "egress")

 	expected := []ec2.NetworkAclEntry{
 		ec2.NetworkAclEntry{
--- a/builtin/providers/aws/resource_aws_network_acl.go
+++ b/builtin/providers/aws/resource_aws_network_acl.go
@ -211,8 +211,11 @@ func updateNetworkAclEntries(d *schema.ResourceData, entryType string, ec2conn *

 	os := o.(*schema.Set)
 	ns := n.(*schema.Set)
-	toBeDeleted := expandNetworkAclEntries(os.Difference(ns).List(), entryType)
-	toBeCreated := expandNetworkAclEntries(ns.Difference(os).List(), entryType)
+	
+	toBeDeleted, err := expandNetworkAclEntries(os.Difference(ns).List(), entryType)
+	if(err != nil){
+		return err
+	}
 	for _, remove := range toBeDeleted {
 		// Delete old Acl
 		_, err := ec2conn.DeleteNetworkAclEntry(d.Id(), remove.RuleNumber, remove.Egress)
@ -221,6 +224,10 @@ func updateNetworkAclEntries(d *schema.ResourceData, entryType string, ec2conn *
 		}
 	}

+	toBeCreated, err := expandNetworkAclEntries(ns.Difference(os).List(), entryType)
+	if(err != nil){
+		return err
+	}
 	for _, add := range toBeCreated {
 		// Add new Acl entry
 		_, err := ec2conn.CreateNetworkAclEntry(d.Id(), &add)