Merge pull request #8975 from mootpt/protocol-fix
Allow use of protocol numbers for ah and esp
mootpt authored Sep 21, 2016
2 parents e8a7b5d + 527e0c3 commit 9478169
Showing 4 changed files with 65 additions and 6 deletions.
2 changes: 0 additions & 2 deletions builtin/providers/aws/network_acl_entry.go
Expand Up @@ -82,8 +82,6 @@ func protocolIntegers() map[string]int {
var protocolIntegers = make(map[string]int)
protocolIntegers = map[string]int{
// defined at https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
"ah": 51,
"esp": 50,
"udp": 17,
"tcp": 6,
"icmp": 1,
61 changes: 61 additions & 0 deletions builtin/providers/aws/resource_aws_security_group_test.go
Expand Up @@ -471,6 +471,47 @@ func TestAccAWSSecurityGroup_vpcNegOneIngress(t *testing.T) {
},
})
}
func TestAccAWSSecurityGroup_vpcProtoNumIngress(t *testing.T) {
var group ec2.SecurityGroup

testCheck := func(*terraform.State) error {
if *group.VpcId == "" {
return fmt.Errorf("should have vpc ID")
}

return nil
}

resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
IDRefreshName: "aws_security_group.web",
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSSecurityGroupDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccAWSSecurityGroupConfigVpcProtoNumIngress,
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group),
resource.TestCheckResourceAttr(
"aws_security_group.web", "name", "terraform_acceptance_test_example"),
resource.TestCheckResourceAttr(
"aws_security_group.web", "description", "Used in the terraform acceptance tests"),
resource.TestCheckResourceAttr(
"aws_security_group.web", "ingress.2449525218.protocol", "50"),
resource.TestCheckResourceAttr(
"aws_security_group.web", "ingress.2449525218.from_port", "0"),
resource.TestCheckResourceAttr(
"aws_security_group.web", "ingress.2449525218.to_port", "0"),
resource.TestCheckResourceAttr(
"aws_security_group.web", "ingress.2449525218.cidr_blocks.#", "1"),
resource.TestCheckResourceAttr(
"aws_security_group.web", "ingress.2449525218.cidr_blocks.0", "10.0.0.0/8"),
testCheck,
),
},
},
})
}
func TestAccAWSSecurityGroup_MultiIngress(t *testing.T) {
var group ec2.SecurityGroup

Expand Down Expand Up @@ -1240,6 +1281,26 @@ resource "aws_security_group" "web" {
}
}
`

const testAccAWSSecurityGroupConfigVpcProtoNumIngress = `
resource "aws_vpc" "foo" {
cidr_block = "10.1.0.0/16"
}
resource "aws_security_group" "web" {
name = "terraform_acceptance_test_example"
description = "Used in the terraform acceptance tests"
vpc_id = "${aws_vpc.foo.id}"
ingress {
protocol = "50"
from_port = 0
to_port = 0
cidr_blocks = ["10.0.0.0/8"]
}
}
`

const testAccAWSSecurityGroupConfigMultiIngress = `
resource "aws_vpc" "foo" {
cidr_block = "10.1.0.0/16"
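Review bot: The `testCheck` closure at the top of TestAccAWSSecurityGroup_vpcProtoNumIngress dereferences `group.VpcId` without a nil check, so a group returned without a VPC ID panics the test binary instead of producing a test failure; guard it with `if group.VpcId == nil || *group.VpcId == "" {`. The new step only exercises protocol "50" (ESP) even though the commit title also covers AH; a second ingress block with `protocol = "51"` in testAccAWSSecurityGroupConfigVpcProtoNumIngress, with matching `TestCheckResourceAttr` lines for its from_port, to_port and cidr_blocks, would pin both numbers the change is meant to allow. A short comment above the new test, such as `// Protocol numbers with no name mapping must round-trip unchanged (here ESP = 50).`, would record why the expected `protocol` value is the bare number rather than a name.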
Expand Up @@ -87,7 +87,7 @@ The `ingress` block supports:
* `cidr_blocks` - (Optional) List of CIDR blocks.
* `from_port` - (Required) The start port (or ICMP type number if protocol is "icmp")
* `protocol` - (Required) The protocol. If you select a protocol of
"-1", you must specify a "from_port" and "to_port" equal to 0.
"-1", you must specify a "from_port" and "to_port" equal to 0. If not icmp, tcp, udp, or all use the [protocol number](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)
* `security_groups` - (Optional) List of security group Group Names if using
EC2-Classic, or Group IDs if using a VPC.
* `self` - (Optional) If true, the security group itself will be added as
Expand All @@ -100,7 +100,7 @@ The `egress` block supports:
* `prefix_list_ids` - (Optional) List of prefix list IDs (for allowing access to VPC endpoints)
* `from_port` - (Required) The start port (or ICMP type number if protocol is "icmp")
* `protocol` - (Required) The protocol. If you select a protocol of
"-1", you must specify a "from_port" and "to_port" equal to 0.
"-1", you must specify a "from_port" and "to_port" equal to 0. If not icmp, tcp, udp, or all use the [protocol number](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)
* `security_groups` - (Optional) List of security group Group Names if using
EC2-Classic, or Group IDs if using a VPC.
* `self` - (Optional) If true, the security group itself will be added as
Expand Down Expand Up @@ -156,7 +156,7 @@ The following attributes are exported:

## Import

Security Groups can be imported using the `security group id`, e.g.
Security Groups can be imported using the `security group id`, e.g.

```
$ terraform import aws_security_group.elb_sg sg-903004f8
Expand Up @@ -45,7 +45,7 @@ or `egress` (outbound).
* `prefix_list_ids` - (Optional) List of prefix list IDs (for allowing access to VPC endpoints).
Only valid with `egress`.
* `from_port` - (Required) The start port (or ICMP type number if protocol is "icmp").
* `protocol` - (Required) The protocol.
* `protocol` - (Required) The protocol. If not icmp, tcp, udp, or all use the [protocol number](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)
* `security_group_id` - (Required) The security group to apply this rule to.
* `source_security_group_id` - (Optional) The security group id to allow access to/from,
depending on the `type`. Cannot be specified with `cidr_blocks`.