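package aws

import (
	"fmt"

	"github.com/aws/aws-sdk-go/service/ec2"
	"github.com/hashicorp/errwrap"
	"github.com/hashicorp/terraform/helper/schema"
)

// resourceAwsSecurityGroupImportState imports a security group and fans the
// import out to one aws_security_group_rule resource per IP permission.
// Instead of creating one resource with nested rules, we use the best
// practices approach of one resource per rule.
//
// The first element of the returned slice is always d (the group itself);
// the remaining elements are the rules, ingress first and then egress, each
// in the order EC2 returned them. An error is returned when the group cannot
// be read, does not exist, or a rule cannot be populated from its permission.
func resourceAwsSecurityGroupImportState(
	d *schema.ResourceData,
	meta interface{}) ([]*schema.ResourceData, error) {
	conn := meta.(*AWSClient).ec2conn

	// First query the security group
	sgRaw, _, err := SGStateRefreshFunc(conn, d.Id())()
	if err != nil {
		return nil, err
	}
	if sgRaw == nil {
		return nil, fmt.Errorf("security group not found")
	}
	sg := sgRaw.(*ec2.SecurityGroup)
	sgId := d.Id()

	// Start building our results
	results := make([]*schema.ResourceData, 1,
		1+len(sg.IpPermissions)+len(sg.IpPermissionsEgress))
	results[0] = d

	// The group is matched by ID in a VPC and by name otherwise. This does
	// not change per permission, so decide it once.
	isVPC := sg.VpcId != nil && *sg.VpcId != ""

	// Construct the rules. A slice (not a map) keeps the output order
	// stable from one import to the next.
	ruleResource := resourceAwsSecurityGroupRule()
	ruleSets := []struct {
		ruleType string
		perms    []*ec2.IpPermission
	}{
		{"ingress", sg.IpPermissions},
		{"egress", sg.IpPermissionsEgress},
	}
	for _, set := range ruleSets {
		for _, perm := range set.perms {
			// Construct the rule. We do this by populating the absolute
			// minimum necessary for Refresh on the rule to work. This
			// happens to be a lot of fields since they're almost all needed
			// for de-duping.
			//
			// The ID is computed before the self reference is pruned below,
			// so the hash receives the permission exactly as EC2 returned it.
			id := ipPermissionIDHash(sgId, set.ruleType, perm)
			rule := ruleResource.Data(nil)
			rule.SetId(id)
			rule.SetType("aws_security_group_rule")
			// NOTE(review): Set errors are not checked; presumably these keys
			// all exist in the aws_security_group_rule schema — confirm.
			rule.Set("security_group_id", sgId)
			rule.Set("type", set.ruleType)

			// 'self' is false by default. Only the FIRST group pair is
			// examined below; a self reference in any other position is not
			// detected.
			rule.Set("self", false)

			if len(perm.UserIdGroupPairs) > 0 {
				first := perm.UserIdGroupPairs[0]

				// Check for a pair that is the same as the security group, to
				// denote self. These fields are optional pointers in the API
				// response, so a missing value is treated as "not self"
				// rather than dereferenced.
				isSelf := false
				switch {
				case first == nil:
					// nothing to compare
				case isVPC:
					isSelf = first.GroupId != nil && sg.GroupId != nil &&
						*first.GroupId == *sg.GroupId
				default:
					isSelf = first.GroupName != nil && sg.GroupName != nil &&
						*first.GroupName == *sg.GroupName
				}

				if isSelf {
					rule.Set("self", true)
					// Prune the self reference from the UserIdGroupPairs, so we
					// don't have duplicate sg ids (both self and in
					// source_security_group_id).
					perm.UserIdGroupPairs = perm.UserIdGroupPairs[1:]
				}
			}

			// XXX If the rule contained more than one source security group, this
			// will choose one of them. We actually need to create one rule for each
			// source security group. Until that is done, the imported state can
			// list fewer source groups than the live rule allows, so it should not
			// be relied on by itself when auditing which groups can reach this one.
			if err := setFromIPPerm(rule, sg, perm); err != nil {
				return nil, errwrap.Wrapf("Error importing AWS Security Group: {{err}}", err)
			}
			results = append(results, rule)
		}
	}

	return results, nil
}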