github.com/minamijoyo/terraform@v0.7.8-0.20161029001309-18b3736ba44b/builtin/providers/aws/import_aws_security_group.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  
     6  	"github.com/aws/aws-sdk-go/service/ec2"
     7  	"github.com/hashicorp/errwrap"
     8  	"github.com/hashicorp/terraform/helper/schema"
     9  )
    10  
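// resourceAwsSecurityGroupImportState imports a security group together with
// its rules. Import fans out to multiple resources: instead of creating one
// resource with nested rules, it returns the group itself followed by one
// aws_security_group_rule resource per IP permission (the best practices
// approach of one resource per rule).
//
// The first element of the result is always d. Ingress rules are emitted
// before egress rules, each in the order the group reports them, so the
// result order does not depend on map iteration.
//
// NOTE(review): the returned rules presumably become the state that later
// plans are diffed against, so a rule imported inaccurately (see the notes in
// the body) may show up as an unexpected change to the group's access rules.
// Confirm by running a plan right after import.
//
// It returns an error if the group cannot be read or is not found, or if a
// rule cannot be populated from its permission.
func resourceAwsSecurityGroupImportState(
	d *schema.ResourceData,
	meta interface{}) ([]*schema.ResourceData, error) {
	conn := meta.(*AWSClient).ec2conn
	sgId := d.Id()

	// First query the security group
	sgRaw, _, err := SGStateRefreshFunc(conn, sgId)()
	if err != nil {
		return nil, err
	}
	if sgRaw == nil {
		return nil, fmt.Errorf("security group not found")
	}
	// Checked assertion: report an unexpected or nil value as an error rather
	// than panicking in the middle of an import.
	sg, ok := sgRaw.(*ec2.SecurityGroup)
	if !ok {
		return nil, fmt.Errorf("unexpected security group type %T", sgRaw)
	}
	if sg == nil {
		return nil, fmt.Errorf("security group not found")
	}

	// Start building our results. The group itself is always first; capacity
	// is reserved for one rule per permission.
	results := make([]*schema.ResourceData, 1,
		1+len(sg.IpPermissions)+len(sg.IpPermissionsEgress))
	results[0] = d

	// Construct the rules. A slice (not a map) keeps ingress before egress so
	// the result order is deterministic.
	ruleResource := resourceAwsSecurityGroupRule()
	permSets := []struct {
		ruleType string
		perms    []*ec2.IpPermission
	}{
		{"ingress", sg.IpPermissions},
		{"egress", sg.IpPermissionsEgress},
	}
	isVPC := sg.VpcId != nil && *sg.VpcId != ""

	for _, set := range permSets {
		for _, perm := range set.perms {
			// Construct the rule. We do this by populating the absolute
			// minimum necessary for Refresh on the rule to work. This
			// happens to be a lot of fields since they're almost all needed
			// for de-duping.
			//
			// The ID is hashed before the self reference is pruned below.
			id := ipPermissionIDHash(sgId, set.ruleType, perm)
			rule := ruleResource.Data(nil)
			rule.SetId(id)
			rule.SetType("aws_security_group_rule")
			rule.Set("security_group_id", sgId)
			rule.Set("type", set.ruleType)

			// 'self' is false by default. It is set to true below only when
			// the FIRST group pair refers to the parent security group.
			// NOTE(review): a self reference at a later index is not
			// detected here - confirm whether that can occur.
			rule.Set("self", false)

			if len(perm.UserIdGroupPairs) > 0 {
				first := perm.UserIdGroupPairs[0]

				// Check for a pair that is the same as the security group, to
				// denote self. VPC groups are matched by group ID, others by
				// group name. Missing (nil) fields never match, so an
				// incomplete pair cannot cause a nil dereference.
				isSelf := false
				if first != nil {
					if isVPC {
						isSelf = first.GroupId != nil && sg.GroupId != nil &&
							*first.GroupId == *sg.GroupId
					} else {
						isSelf = first.GroupName != nil && sg.GroupName != nil &&
							*first.GroupName == *sg.GroupName
					}
				}

				if isSelf {
					rule.Set("self", true)
					// Prune the self reference from the UserIdGroupPairs, so we
					// don't have duplicate sg ids (both self and in
					// source_security_group_id). This shifts the slice in
					// place, i.e. it mutates the permission we were handed.
					perm.UserIdGroupPairs = append(perm.UserIdGroupPairs[:0], perm.UserIdGroupPairs[1:]...)
				}
			}

			// XXX If the rule contained more than one source security group, this
			// will choose one of them. We actually need to create one rule for each
			// source security group.
			if err := setFromIPPerm(rule, sg, perm); err != nil {
				return nil, errwrap.Wrapf("Error importing AWS Security Group: {{err}}", err)
			}
			results = append(results, rule)
		}
	}

	return results, nil
}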