resource/aws_security_group_rule: Add import functionality for security group rules #6027
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghost
added
size/XXL
YakDriver
force-pushed
the
import-security-groups
branch
from
14a17ba
to
a41053c
Compare
|
@bflad code, acceptance tests, docs ready for review & adjust! |
bflad
added
enhancement
bflad
reviewed
Oct 2, 2018
bflad
reviewed
Oct 2, 2018
There was a problem hiding this comment.
This is going to be huge help for a lot of people, thanks @YakDriver! Sorry for the drive-by comments, but I left some initial thoughts below. What do you think?
YakDriver
force-pushed
the
import-security-groups
branch
from
6d40f51
to
291d9f9
Compare
|
@bflad I made the changes you requested, added more examples to the docs, updated the examples above in this PR, and have re-run the acceptance tests: $ make testacc TESTARGS='-run=TestAccAWSSecurityGroupRule_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./... -v -run=TestAccAWSSecurityGroupRule_ -timeout 120m
? github.com/terraform-providers/terraform-provider-aws [no test files]
=== RUN TestAccAWSSecurityGroupRule_Ingress_VPC
--- PASS: TestAccAWSSecurityGroupRule_Ingress_VPC (21.82s)
=== RUN TestAccAWSSecurityGroupRule_Ingress_Protocol
--- PASS: TestAccAWSSecurityGroupRule_Ingress_Protocol (35.72s)
=== RUN TestAccAWSSecurityGroupRule_Ingress_Ipv6
--- PASS: TestAccAWSSecurityGroupRule_Ingress_Ipv6 (34.94s)
=== RUN TestAccAWSSecurityGroupRule_Ingress_Classic
--- PASS: TestAccAWSSecurityGroupRule_Ingress_Classic (20.69s)
=== RUN TestAccAWSSecurityGroupRule_MultiIngress
--- PASS: TestAccAWSSecurityGroupRule_MultiIngress (23.07s)
=== RUN TestAccAWSSecurityGroupRule_Egress
--- PASS: TestAccAWSSecurityGroupRule_Egress (20.14s)
=== RUN TestAccAWSSecurityGroupRule_SelfReference
--- PASS: TestAccAWSSecurityGroupRule_SelfReference (36.87s)
=== RUN TestAccAWSSecurityGroupRule_ExpectInvalidTypeError
--- PASS: TestAccAWSSecurityGroupRule_ExpectInvalidTypeError (0.92s)
=== RUN TestAccAWSSecurityGroupRule_ExpectInvalidCIDR
--- PASS: TestAccAWSSecurityGroupRule_ExpectInvalidCIDR (0.87s)
=== RUN TestAccAWSSecurityGroupRule_PartialMatching_basic
--- PASS: TestAccAWSSecurityGroupRule_PartialMatching_basic (42.00s)
=== RUN TestAccAWSSecurityGroupRule_PartialMatching_Source
--- PASS: TestAccAWSSecurityGroupRule_PartialMatching_Source (41.27s)
=== RUN TestAccAWSSecurityGroupRule_Issue5310
--- PASS: TestAccAWSSecurityGroupRule_Issue5310 (20.27s)
=== RUN TestAccAWSSecurityGroupRule_Race
--- PASS: TestAccAWSSecurityGroupRule_Race (323.01s)
=== RUN TestAccAWSSecurityGroupRule_SelfSource
--- PASS: TestAccAWSSecurityGroupRule_SelfSource (35.96s)
=== RUN TestAccAWSSecurityGroupRule_PrefixListEgress
--- PASS: TestAccAWSSecurityGroupRule_PrefixListEgress (48.83s)
=== RUN TestAccAWSSecurityGroupRule_IngressDescription
--- PASS: TestAccAWSSecurityGroupRule_IngressDescription (20.90s)
=== RUN TestAccAWSSecurityGroupRule_EgressDescription
--- PASS: TestAccAWSSecurityGroupRule_EgressDescription (20.36s)
=== RUN TestAccAWSSecurityGroupRule_IngressDescription_updates
--- PASS: TestAccAWSSecurityGroupRule_IngressDescription_updates (29.80s)
=== RUN TestAccAWSSecurityGroupRule_EgressDescription_updates
--- PASS: TestAccAWSSecurityGroupRule_EgressDescription_updates (29.29s)
=== RUN TestAccAWSSecurityGroupRule_MultiDescription
--- PASS: TestAccAWSSecurityGroupRule_MultiDescription (126.77s)
PASS
ok github.com/terraform-providers/terraform-provider-aws/aws 933.525s |
YakDriver
force-pushed
the
import-security-groups
branch
from
291d9f9
to
cb6ec49
Compare
bflad
approved these changes
Oct 8, 2018
There was a problem hiding this comment.
Awesome work, @YakDriver! Let's get this in (with one minor simplification on merge) 🚀
--- PASS: TestAccAWSSecurityGroupRule_ExpectInvalidTypeError (1.96s)
--- PASS: TestAccAWSSecurityGroupRule_ExpectInvalidCIDR (2.32s)
--- PASS: TestAccAWSSecurityGroupRule_IngressDescription (17.19s)
--- PASS: TestAccAWSSecurityGroupRule_Ingress_Classic (20.66s)
--- PASS: TestAccAWSSecurityGroupRule_Egress (23.80s)
--- PASS: TestAccAWSSecurityGroupRule_EgressDescription_updates (24.18s)
--- PASS: TestAccAWSSecurityGroupRule_Issue5310 (26.44s)
--- PASS: TestAccAWSSecurityGroupRule_Ingress_Ipv6 (28.50s)
--- PASS: TestAccAWSSecurityGroupRule_EgressDescription (31.30s)
--- PASS: TestAccAWSSecurityGroupRule_Ingress_VPC (31.40s)
--- PASS: TestAccAWSSecurityGroupRule_IngressDescription_updates (36.44s)
--- PASS: TestAccAWSSecurityGroupRule_SelfSource (36.49s)
--- PASS: TestAccAWSSecurityGroupRule_SelfReference (39.08s)
--- PASS: TestAccAWSSecurityGroupRule_Ingress_Protocol (40.50s)
--- PASS: TestAccAWSSecurityGroupRule_PrefixListEgress (40.64s)
--- PASS: TestAccAWSSecurityGroupRule_PartialMatching_Source (41.02s)
--- PASS: TestAccAWSSecurityGroupRule_MultiIngress (41.96s)
--- PASS: TestAccAWSSecurityGroupRule_PartialMatching_basic (44.00s)
--- PASS: TestAccAWSSecurityGroupRule_MultiDescription (53.58s)
--- PASS: TestAccAWSSecurityGroupRule_Race (432.57s)
|
This has been released in version 1.40.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. |
This was referenced Oct 22, 2018
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
ghost
locked and limited conversation to collaborators
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #2895
Changes proposed in this pull request:
aws_security_group_ruleto allow for importing rulesHow it works
Import string/ID
The import string/ID can be complex but manageable. It follows this format:
SECURITYGROUPID_TYPE_PROTOCOL_FROMPORT_TOPORT_SOURCE[_SOURCE]*These are valid examples of import strings:
sg-09a093729ef9382a6_ingress_tcp_8000_8000_10.0.3.0/24sg-09a093729ef9382a6_ingress_92_0_65535_10.0.3.0/24_10.0.4.0/24(multiple CIDR blocks)sg-09a093729ef9382a6_egress_tcp_100_8000_10.0.3.0/24(port range)sg-09a093729ef9382a6_egress_tcp_8000_8000_pl-34800000(prefix list id destination)sg-09a093729ef9382a6_ingress_all_0_65535_sg-08123412342323sg-09a093729ef9382a6_ingress_tcp_100_121_10.1.0.0/16_2001:db8::/48_10.2.0.0/16_2002:db8::/48(mixture of IPv4 and IPv6 CIDRs)sg-09a093729ef9382a6_ingress_tcp_0_65535_self_2001:db8::/48(self + IPv6 CIDR block)sg-09a093729ef9382a6_ingress_92_0_65535_self(if protocol is not TCP/UDP/ICMP/ALL then it must be a protocol number)All tricky functionality
This captures all security group rule functionality including the tricky bits:
allprotocolsallportsFlexible: Config / import ID don't have to match
AWS is not particular about needing to modify an entire rule. Thus, you can partially import (i.e., some CIDR blocks but not others) and then update those within Terraform. AWS gracefully adjusts rules accordingly.
Acceptance tests:
I added imports/state verification to 17 of 20 existing tests. Import didn't make sense for the other 3 -- 2 test error conditions and 1 tests a race condition.
Output from acceptance testing: