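// Source: github.com/armen/terraform@v0.5.2-0.20150529052519-caa8117a08f1/builtin/providers/aws/network_acl_entry.go

package aws

import (
	"fmt"
	"net"
	"strconv"

	"github.com/awslabs/aws-sdk-go/aws"
	"github.com/awslabs/aws-sdk-go/service/ec2"
)

// expandNetworkAclEntries converts the raw rule maps from configuration into
// EC2 network ACL entries.
//
// entryType selects the direction: exactly "egress" sets Egress to true, and
// any other value (including a misspelling) produces an ingress entry.
//
// The protocol may be a decimal number or one of the names known to
// protocolIntegers. An unparsable, unknown name returns an error. A numeric
// protocol is passed through without a range check, so "-1" is accepted and
// means the same as "all".
//
// The function does not call validateCIDRBlock; cidr_block is forwarded as
// given. NOTE(review): confirm the caller validates it before this point.
func expandNetworkAclEntries(configured []interface{}, entryType string) ([]*ec2.NetworkACLEntry, error) {
	entries := make([]*ec2.NetworkACLEntry, 0, len(configured))
	isEgress := entryType == "egress"

	for _, eRaw := range configured {
		// The unchecked type assertions below panic on a missing key or an
		// unexpected type. Presumably the resource schema guarantees the
		// shape of each rule; verify against the caller.
		data := eRaw.(map[string]interface{})

		protocol := data["protocol"].(string)
		p, err := strconv.Atoi(protocol)
		if err != nil {
			// Not a number: fall back to the symbolic names.
			var ok bool
			p, ok = protocolIntegers()[protocol]
			if !ok {
				return nil, fmt.Errorf("Invalid Protocol %s for rule %#v", protocol, data)
			}
		}

		e := &ec2.NetworkACLEntry{
			Protocol: aws.String(strconv.Itoa(p)),
			PortRange: &ec2.PortRange{
				From: aws.Long(int64(data["from_port"].(int))),
				To:   aws.Long(int64(data["to_port"].(int))),
			},
			Egress:     aws.Boolean(isEgress),
			RuleAction: aws.String(data["action"].(string)),
			RuleNumber: aws.Long(int64(data["rule_no"].(int))),
			CIDRBlock:  aws.String(data["cidr_block"].(string)),
		}
		entries = append(entries, e)
	}
	return entries, nil
}

// flattenNetworkAclEntries converts EC2 network ACL entries into the map form
// used for state, one map per entry, in the same order as list.
//
// Every field is dereferenced without a nil check, so an entry with a nil
// PortRange, RuleAction, RuleNumber, Protocol or CIDRBlock causes a panic.
// NOTE(review): confirm the API always populates these fields, in particular
// PortRange for entries that do not carry ports.
func flattenNetworkAclEntries(list []*ec2.NetworkACLEntry) []map[string]interface{} {
	entries := make([]map[string]interface{}, 0, len(list))

	for _, entry := range list {
		entries = append(entries, map[string]interface{}{
			"from_port":  *entry.PortRange.From,
			"to_port":    *entry.PortRange.To,
			"action":     *entry.RuleAction,
			"rule_no":    *entry.RuleNumber,
			"protocol":   *entry.Protocol,
			"cidr_block": *entry.CIDRBlock,
		})
	}

	return entries
}

// protocolIntegers returns a fresh map from protocol name to protocol number.
// The name "all" maps to -1.
func protocolIntegers() map[string]int {
	// Return the literal directly; the original allocated an empty map with
	// make and immediately discarded it.
	return map[string]int{
		"udp":  17,
		"tcp":  6,
		"icmp": 1,
		"all":  -1,
	}
}

// expectedPortPair stores a pair of ports we expect to see together.
type expectedPortPair struct {
	to_port   int64
	from_port int64
}

// validatePorts reports whether to and from both equal the ports in expected.
// It compares ports only; no protocol is checked here.
func validatePorts(to int64, from int64, expected expectedPortPair) bool {
	return to == expected.to_port && from == expected.from_port
}

// validateCIDRBlock ensures the passed CIDR block represents an implied
// network, and not an overly-specified IP address: a value with host bits
// set, such as an address inside the network rather than the network address
// itself, is rejected with a suggestion of the canonical form.
//
// The check is a textual comparison against the parsed network's String
// form, so any non-canonical spelling of a valid network is rejected too.
// A value that net.ParseCIDR cannot parse returns that parse error.
func validateCIDRBlock(cidr string) error {
	_, ipnet, err := net.ParseCIDR(cidr)
	if err != nil {
		return err
	}
	if ipnet.String() != cidr {
		return fmt.Errorf("%s is not a valid mask; did you mean %s?", cidr, ipnet)
	}

	return nil
}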