github.com/ottenhoff/terraform@v0.7.0-rc1.0.20160607213102-ac2d195cc560/builtin/providers/aws/resource_aws_security_group_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "reflect" 6 "strings" 7 "testing" 8 9 "github.com/aws/aws-sdk-go/aws" 10 "github.com/aws/aws-sdk-go/aws/awserr" 11 "github.com/aws/aws-sdk-go/service/ec2" 12 "github.com/hashicorp/terraform/helper/acctest" 13 "github.com/hashicorp/terraform/helper/resource" 14 "github.com/hashicorp/terraform/helper/schema" 15 "github.com/hashicorp/terraform/terraform" 16 ) 17 18 func TestProtocolStateFunc(t *testing.T) { 19 cases := []struct { 20 input interface{} 21 expected string 22 }{ 23 { 24 input: "tcp", 25 expected: "tcp", 26 }, 27 { 28 input: 6, 29 expected: "", 30 }, 31 { 32 input: "17", 33 expected: "udp", 34 }, 35 { 36 input: "all", 37 expected: "-1", 38 }, 39 { 40 input: "-1", 41 expected: "-1", 42 }, 43 { 44 input: -1, 45 expected: "", 46 }, 47 { 48 input: "1", 49 expected: "icmp", 50 }, 51 { 52 input: "icmp", 53 expected: "icmp", 54 }, 55 { 56 input: 1, 57 expected: "", 58 }, 59 } 60 for _, c := range cases { 61 result := protocolStateFunc(c.input) 62 if result != c.expected { 63 t.Errorf("Error matching protocol, expected (%s), got (%s)", c.expected, result) 64 } 65 } 66 } 67 68 func TestProtocolForValue(t *testing.T) { 69 cases := []struct { 70 input string 71 expected string 72 }{ 73 { 74 input: "tcp", 75 expected: "tcp", 76 }, 77 { 78 input: "6", 79 expected: "tcp", 80 }, 81 { 82 input: "udp", 83 expected: "udp", 84 }, 85 { 86 input: "17", 87 expected: "udp", 88 }, 89 { 90 input: "all", 91 expected: "-1", 92 }, 93 { 94 input: "-1", 95 expected: "-1", 96 }, 97 { 98 input: "tCp", 99 expected: "tcp", 100 }, 101 { 102 input: "6", 103 expected: "tcp", 104 }, 105 { 106 input: "UDp", 107 expected: "udp", 108 }, 109 { 110 input: "17", 111 expected: "udp", 112 }, 113 { 114 input: "ALL", 115 expected: "-1", 116 }, 117 { 118 input: "icMp", 119 expected: "icmp", 120 }, 121 { 122 input: "1", 123 expected: "icmp", 124 }, 125 } 126 127 for _, c := range cases { 128 result := protocolForValue(c.input) 129 if result != c.expected { 130 t.Errorf("Error matching protocol, expected (%s), got (%s)", c.expected, result) 131 } 132 } 133 } 134 135 func TestResourceAwsSecurityGroupIPPermGather(t *testing.T) { 136 raw := []*ec2.IpPermission{ 137 &ec2.IpPermission{ 138 IpProtocol: aws.String("tcp"), 139 FromPort: aws.Int64(int64(1)), 140 ToPort: aws.Int64(int64(-1)), 141 IpRanges: []*ec2.IpRange{&ec2.IpRange{CidrIp: aws.String("0.0.0.0/0")}}, 142 UserIdGroupPairs: []*ec2.UserIdGroupPair{ 143 &ec2.UserIdGroupPair{ 144 GroupId: aws.String("sg-11111"), 145 }, 146 }, 147 }, 148 &ec2.IpPermission{ 149 IpProtocol: aws.String("tcp"), 150 FromPort: aws.Int64(int64(80)), 151 ToPort: aws.Int64(int64(80)), 152 UserIdGroupPairs: []*ec2.UserIdGroupPair{ 153 // VPC 154 &ec2.UserIdGroupPair{ 155 GroupId: aws.String("sg-22222"), 156 }, 157 }, 158 }, 159 &ec2.IpPermission{ 160 IpProtocol: aws.String("tcp"), 161 FromPort: aws.Int64(int64(443)), 162 ToPort: aws.Int64(int64(443)), 163 UserIdGroupPairs: []*ec2.UserIdGroupPair{ 164 // Classic 165 &ec2.UserIdGroupPair{ 166 UserId: aws.String("12345"), 167 GroupId: aws.String("sg-33333"), 168 GroupName: aws.String("ec2_classic"), 169 }, 170 &ec2.UserIdGroupPair{ 171 UserId: aws.String("amazon-elb"), 172 GroupId: aws.String("sg-d2c979d3"), 173 GroupName: aws.String("amazon-elb-sg"), 174 }, 175 }, 176 }, 177 } 178 179 local := []map[string]interface{}{ 180 map[string]interface{}{ 181 "protocol": "tcp", 182 "from_port": int64(1), 183 "to_port": int64(-1), 184 "cidr_blocks": []string{"0.0.0.0/0"}, 185 "self": true, 186 }, 187 map[string]interface{}{ 188 "protocol": "tcp", 189 "from_port": int64(80), 190 "to_port": int64(80), 191 "security_groups": schema.NewSet(schema.HashString, []interface{}{ 192 "sg-22222", 193 }), 194 }, 195 map[string]interface{}{ 196 "protocol": "tcp", 197 "from_port": int64(443), 198 "to_port": int64(443), 199 "security_groups": schema.NewSet(schema.HashString, []interface{}{ 200 "ec2_classic", 201 "amazon-elb/amazon-elb-sg", 202 }), 203 }, 204 } 205 206 out := resourceAwsSecurityGroupIPPermGather("sg-11111", raw, aws.String("12345")) 207 for _, i := range out { 208 // loop and match rules, because the ordering is not guarneteed 209 for _, l := range local { 210 if i["from_port"] == l["from_port"] { 211 212 if i["to_port"] != l["to_port"] { 213 t.Fatalf("to_port does not match") 214 } 215 216 if _, ok := i["cidr_blocks"]; ok { 217 if !reflect.DeepEqual(i["cidr_blocks"], l["cidr_blocks"]) { 218 t.Fatalf("error matching cidr_blocks") 219 } 220 } 221 222 if _, ok := i["security_groups"]; ok { 223 outSet := i["security_groups"].(*schema.Set) 224 localSet := l["security_groups"].(*schema.Set) 225 226 if !outSet.Equal(localSet) { 227 t.Fatalf("Security Group sets are not equal") 228 } 229 } 230 } 231 } 232 } 233 } 234 235 func TestAccAWSSecurityGroup_basic(t *testing.T) { 236 var group ec2.SecurityGroup 237 238 resource.Test(t, resource.TestCase{ 239 PreCheck: func() { testAccPreCheck(t) }, 240 IDRefreshName: "aws_security_group.web", 241 Providers: testAccProviders, 242 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 243 Steps: []resource.TestStep{ 244 resource.TestStep{ 245 Config: testAccAWSSecurityGroupConfig, 246 Check: resource.ComposeTestCheckFunc( 247 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 248 testAccCheckAWSSecurityGroupAttributes(&group), 249 resource.TestCheckResourceAttr( 250 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 251 resource.TestCheckResourceAttr( 252 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 253 resource.TestCheckResourceAttr( 254 "aws_security_group.web", "ingress.3629188364.protocol", "tcp"), 255 resource.TestCheckResourceAttr( 256 "aws_security_group.web", "ingress.3629188364.from_port", "80"), 257 resource.TestCheckResourceAttr( 258 "aws_security_group.web", "ingress.3629188364.to_port", "8000"), 259 resource.TestCheckResourceAttr( 260 "aws_security_group.web", "ingress.3629188364.cidr_blocks.#", "1"), 261 resource.TestCheckResourceAttr( 262 "aws_security_group.web", "ingress.3629188364.cidr_blocks.0", "10.0.0.0/8"), 263 ), 264 }, 265 }, 266 }) 267 } 268 269 func TestAccAWSSecurityGroup_namePrefix(t *testing.T) { 270 var group ec2.SecurityGroup 271 272 resource.Test(t, resource.TestCase{ 273 PreCheck: func() { testAccPreCheck(t) }, 274 IDRefreshName: "aws_security_group.baz", 275 IDRefreshIgnore: []string{"name_prefix"}, 276 Providers: testAccProviders, 277 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 278 Steps: []resource.TestStep{ 279 resource.TestStep{ 280 Config: testAccAWSSecurityGroupPrefixNameConfig, 281 Check: resource.ComposeTestCheckFunc( 282 testAccCheckAWSSecurityGroupExists("aws_security_group.baz", &group), 283 testAccCheckAWSSecurityGroupGeneratedNamePrefix( 284 "aws_security_group.baz", "baz-"), 285 ), 286 }, 287 }, 288 }) 289 } 290 291 func TestAccAWSSecurityGroup_self(t *testing.T) { 292 var group ec2.SecurityGroup 293 294 checkSelf := func(s *terraform.State) (err error) { 295 defer func() { 296 if e := recover(); e != nil { 297 err = fmt.Errorf("bad: %#v", group) 298 } 299 }() 300 301 if *group.IpPermissions[0].UserIdGroupPairs[0].GroupId != *group.GroupId { 302 return fmt.Errorf("bad: %#v", group) 303 } 304 305 return nil 306 } 307 308 resource.Test(t, resource.TestCase{ 309 PreCheck: func() { testAccPreCheck(t) }, 310 IDRefreshName: "aws_security_group.web", 311 Providers: testAccProviders, 312 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 313 Steps: []resource.TestStep{ 314 resource.TestStep{ 315 Config: testAccAWSSecurityGroupConfigSelf, 316 Check: resource.ComposeTestCheckFunc( 317 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 318 resource.TestCheckResourceAttr( 319 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 320 resource.TestCheckResourceAttr( 321 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 322 resource.TestCheckResourceAttr( 323 "aws_security_group.web", "ingress.3971148406.protocol", "tcp"), 324 resource.TestCheckResourceAttr( 325 "aws_security_group.web", "ingress.3971148406.from_port", "80"), 326 resource.TestCheckResourceAttr( 327 "aws_security_group.web", "ingress.3971148406.to_port", "8000"), 328 resource.TestCheckResourceAttr( 329 "aws_security_group.web", "ingress.3971148406.self", "true"), 330 checkSelf, 331 ), 332 }, 333 }, 334 }) 335 } 336 337 func TestAccAWSSecurityGroup_vpc(t *testing.T) { 338 var group ec2.SecurityGroup 339 340 testCheck := func(*terraform.State) error { 341 if *group.VpcId == "" { 342 return fmt.Errorf("should have vpc ID") 343 } 344 345 return nil 346 } 347 348 resource.Test(t, resource.TestCase{ 349 PreCheck: func() { testAccPreCheck(t) }, 350 IDRefreshName: "aws_security_group.web", 351 Providers: testAccProviders, 352 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 353 Steps: []resource.TestStep{ 354 resource.TestStep{ 355 Config: testAccAWSSecurityGroupConfigVpc, 356 Check: resource.ComposeTestCheckFunc( 357 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 358 testAccCheckAWSSecurityGroupAttributes(&group), 359 resource.TestCheckResourceAttr( 360 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 361 resource.TestCheckResourceAttr( 362 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 363 resource.TestCheckResourceAttr( 364 "aws_security_group.web", "ingress.3629188364.protocol", "tcp"), 365 resource.TestCheckResourceAttr( 366 "aws_security_group.web", "ingress.3629188364.from_port", "80"), 367 resource.TestCheckResourceAttr( 368 "aws_security_group.web", "ingress.3629188364.to_port", "8000"), 369 resource.TestCheckResourceAttr( 370 "aws_security_group.web", "ingress.3629188364.cidr_blocks.#", "1"), 371 resource.TestCheckResourceAttr( 372 "aws_security_group.web", "ingress.3629188364.cidr_blocks.0", "10.0.0.0/8"), 373 resource.TestCheckResourceAttr( 374 "aws_security_group.web", "egress.3629188364.protocol", "tcp"), 375 resource.TestCheckResourceAttr( 376 "aws_security_group.web", "egress.3629188364.from_port", "80"), 377 resource.TestCheckResourceAttr( 378 "aws_security_group.web", "egress.3629188364.to_port", "8000"), 379 resource.TestCheckResourceAttr( 380 "aws_security_group.web", "egress.3629188364.cidr_blocks.#", "1"), 381 resource.TestCheckResourceAttr( 382 "aws_security_group.web", "egress.3629188364.cidr_blocks.0", "10.0.0.0/8"), 383 testCheck, 384 ), 385 }, 386 }, 387 }) 388 } 389 390 func TestAccAWSSecurityGroup_vpcNegOneIngress(t *testing.T) { 391 var group ec2.SecurityGroup 392 393 testCheck := func(*terraform.State) error { 394 if *group.VpcId == "" { 395 return fmt.Errorf("should have vpc ID") 396 } 397 398 return nil 399 } 400 401 resource.Test(t, resource.TestCase{ 402 PreCheck: func() { testAccPreCheck(t) }, 403 IDRefreshName: "aws_security_group.web", 404 Providers: testAccProviders, 405 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 406 Steps: []resource.TestStep{ 407 resource.TestStep{ 408 Config: testAccAWSSecurityGroupConfigVpcNegOneIngress, 409 Check: resource.ComposeTestCheckFunc( 410 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 411 testAccCheckAWSSecurityGroupAttributesNegOneProtocol(&group), 412 resource.TestCheckResourceAttr( 413 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 414 resource.TestCheckResourceAttr( 415 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 416 resource.TestCheckResourceAttr( 417 "aws_security_group.web", "ingress.956249133.protocol", "-1"), 418 resource.TestCheckResourceAttr( 419 "aws_security_group.web", "ingress.956249133.from_port", "0"), 420 resource.TestCheckResourceAttr( 421 "aws_security_group.web", "ingress.956249133.to_port", "0"), 422 resource.TestCheckResourceAttr( 423 "aws_security_group.web", "ingress.956249133.cidr_blocks.#", "1"), 424 resource.TestCheckResourceAttr( 425 "aws_security_group.web", "ingress.956249133.cidr_blocks.0", "10.0.0.0/8"), 426 testCheck, 427 ), 428 }, 429 }, 430 }) 431 } 432 func TestAccAWSSecurityGroup_MultiIngress(t *testing.T) { 433 var group ec2.SecurityGroup 434 435 resource.Test(t, resource.TestCase{ 436 PreCheck: func() { testAccPreCheck(t) }, 437 IDRefreshName: "aws_security_group.web", 438 Providers: testAccProviders, 439 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 440 Steps: []resource.TestStep{ 441 resource.TestStep{ 442 Config: testAccAWSSecurityGroupConfigMultiIngress, 443 Check: resource.ComposeTestCheckFunc( 444 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 445 ), 446 }, 447 }, 448 }) 449 } 450 451 func TestAccAWSSecurityGroup_Change(t *testing.T) { 452 var group ec2.SecurityGroup 453 454 resource.Test(t, resource.TestCase{ 455 PreCheck: func() { testAccPreCheck(t) }, 456 IDRefreshName: "aws_security_group.web", 457 Providers: testAccProviders, 458 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 459 Steps: []resource.TestStep{ 460 resource.TestStep{ 461 Config: testAccAWSSecurityGroupConfig, 462 Check: resource.ComposeTestCheckFunc( 463 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 464 ), 465 }, 466 resource.TestStep{ 467 Config: testAccAWSSecurityGroupConfigChange, 468 Check: resource.ComposeTestCheckFunc( 469 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 470 testAccCheckAWSSecurityGroupAttributesChanged(&group), 471 ), 472 }, 473 }, 474 }) 475 } 476 477 func TestAccAWSSecurityGroup_generatedName(t *testing.T) { 478 var group ec2.SecurityGroup 479 480 resource.Test(t, resource.TestCase{ 481 PreCheck: func() { testAccPreCheck(t) }, 482 IDRefreshName: "aws_security_group.web", 483 Providers: testAccProviders, 484 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 485 Steps: []resource.TestStep{ 486 resource.TestStep{ 487 Config: testAccAWSSecurityGroupConfig_generatedName, 488 Check: resource.ComposeTestCheckFunc( 489 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 490 resource.TestCheckResourceAttr( 491 "aws_security_group.web", "description", "Managed by Terraform"), 492 func(s *terraform.State) error { 493 if group.GroupName == nil { 494 return fmt.Errorf("bad: No SG name") 495 } 496 if !strings.HasPrefix(*group.GroupName, "terraform-") { 497 return fmt.Errorf("No terraform- prefix: %s", *group.GroupName) 498 } 499 return nil 500 }, 501 ), 502 }, 503 }, 504 }) 505 } 506 507 func TestAccAWSSecurityGroup_DefaultEgress(t *testing.T) { 508 509 // VPC 510 resource.Test(t, resource.TestCase{ 511 PreCheck: func() { testAccPreCheck(t) }, 512 IDRefreshName: "aws_security_group.worker", 513 Providers: testAccProviders, 514 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 515 Steps: []resource.TestStep{ 516 resource.TestStep{ 517 Config: testAccAWSSecurityGroupConfigDefaultEgress, 518 Check: resource.ComposeTestCheckFunc( 519 testAccCheckAWSSecurityGroupExistsWithoutDefault("aws_security_group.worker"), 520 ), 521 }, 522 }, 523 }) 524 525 // Classic 526 var group ec2.SecurityGroup 527 resource.Test(t, resource.TestCase{ 528 PreCheck: func() { testAccPreCheck(t) }, 529 IDRefreshName: "aws_security_group.web", 530 Providers: testAccProviders, 531 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 532 Steps: []resource.TestStep{ 533 resource.TestStep{ 534 Config: testAccAWSSecurityGroupConfigClassic, 535 Check: resource.ComposeTestCheckFunc( 536 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 537 ), 538 }, 539 }, 540 }) 541 } 542 543 // Testing drift detection with groups containing the same port and types 544 func TestAccAWSSecurityGroup_drift(t *testing.T) { 545 var group ec2.SecurityGroup 546 resource.Test(t, resource.TestCase{ 547 PreCheck: func() { testAccPreCheck(t) }, 548 Providers: testAccProviders, 549 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 550 Steps: []resource.TestStep{ 551 resource.TestStep{ 552 Config: testAccAWSSecurityGroupConfig_drift(), 553 Check: resource.ComposeTestCheckFunc( 554 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 555 resource.TestCheckResourceAttr( 556 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 557 resource.TestCheckResourceAttr( 558 "aws_security_group.web", "ingress.3629188364.protocol", "tcp"), 559 resource.TestCheckResourceAttr( 560 "aws_security_group.web", "ingress.3629188364.from_port", "80"), 561 resource.TestCheckResourceAttr( 562 "aws_security_group.web", "ingress.3629188364.to_port", "8000"), 563 resource.TestCheckResourceAttr( 564 "aws_security_group.web", "ingress.3629188364.cidr_blocks.#", "1"), 565 resource.TestCheckResourceAttr( 566 "aws_security_group.web", "ingress.3629188364.cidr_blocks.0", "10.0.0.0/8"), 567 ), 568 }, 569 }, 570 }) 571 } 572 573 func TestAccAWSSecurityGroup_drift_complex(t *testing.T) { 574 var group ec2.SecurityGroup 575 576 resource.Test(t, resource.TestCase{ 577 PreCheck: func() { testAccPreCheck(t) }, 578 Providers: testAccProviders, 579 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 580 Steps: []resource.TestStep{ 581 resource.TestStep{ 582 Config: testAccAWSSecurityGroupConfig_drift_complex(), 583 Check: resource.ComposeTestCheckFunc( 584 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 585 resource.TestCheckResourceAttr( 586 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 587 resource.TestCheckResourceAttr( 588 "aws_security_group.web", "ingress.3629188364.protocol", "tcp"), 589 resource.TestCheckResourceAttr( 590 "aws_security_group.web", "ingress.3629188364.from_port", "80"), 591 resource.TestCheckResourceAttr( 592 "aws_security_group.web", "ingress.3629188364.to_port", "8000"), 593 resource.TestCheckResourceAttr( 594 "aws_security_group.web", "ingress.3629188364.cidr_blocks.#", "1"), 595 resource.TestCheckResourceAttr( 596 "aws_security_group.web", "ingress.3629188364.cidr_blocks.0", "10.0.0.0/8"), 597 ), 598 }, 599 }, 600 }) 601 } 602 603 func testAccCheckAWSSecurityGroupDestroy(s *terraform.State) error { 604 conn := testAccProvider.Meta().(*AWSClient).ec2conn 605 606 for _, rs := range s.RootModule().Resources { 607 if rs.Type != "aws_security_group" { 608 continue 609 } 610 611 // Retrieve our group 612 req := &ec2.DescribeSecurityGroupsInput{ 613 GroupIds: []*string{aws.String(rs.Primary.ID)}, 614 } 615 resp, err := conn.DescribeSecurityGroups(req) 616 if err == nil { 617 if len(resp.SecurityGroups) > 0 && *resp.SecurityGroups[0].GroupId == rs.Primary.ID { 618 return fmt.Errorf("Security Group (%s) still exists.", rs.Primary.ID) 619 } 620 621 return nil 622 } 623 624 ec2err, ok := err.(awserr.Error) 625 if !ok { 626 return err 627 } 628 // Confirm error code is what we want 629 if ec2err.Code() != "InvalidGroup.NotFound" { 630 return err 631 } 632 } 633 634 return nil 635 } 636 637 func testAccCheckAWSSecurityGroupGeneratedNamePrefix( 638 resource, prefix string) resource.TestCheckFunc { 639 return func(s *terraform.State) error { 640 r, ok := s.RootModule().Resources[resource] 641 if !ok { 642 return fmt.Errorf("Resource not found") 643 } 644 name, ok := r.Primary.Attributes["name"] 645 if !ok { 646 return fmt.Errorf("Name attr not found: %#v", r.Primary.Attributes) 647 } 648 if !strings.HasPrefix(name, prefix) { 649 return fmt.Errorf("Name: %q, does not have prefix: %q", name, prefix) 650 } 651 return nil 652 } 653 } 654 655 func testAccCheckAWSSecurityGroupExists(n string, group *ec2.SecurityGroup) resource.TestCheckFunc { 656 return func(s *terraform.State) error { 657 rs, ok := s.RootModule().Resources[n] 658 if !ok { 659 return fmt.Errorf("Not found: %s", n) 660 } 661 662 if rs.Primary.ID == "" { 663 return fmt.Errorf("No Security Group is set") 664 } 665 666 conn := testAccProvider.Meta().(*AWSClient).ec2conn 667 req := &ec2.DescribeSecurityGroupsInput{ 668 GroupIds: []*string{aws.String(rs.Primary.ID)}, 669 } 670 resp, err := conn.DescribeSecurityGroups(req) 671 if err != nil { 672 return err 673 } 674 675 if len(resp.SecurityGroups) > 0 && *resp.SecurityGroups[0].GroupId == rs.Primary.ID { 676 *group = *resp.SecurityGroups[0] 677 return nil 678 } 679 680 return fmt.Errorf("Security Group not found") 681 } 682 } 683 684 func testAccCheckAWSSecurityGroupAttributes(group *ec2.SecurityGroup) resource.TestCheckFunc { 685 return func(s *terraform.State) error { 686 p := &ec2.IpPermission{ 687 FromPort: aws.Int64(80), 688 ToPort: aws.Int64(8000), 689 IpProtocol: aws.String("tcp"), 690 IpRanges: []*ec2.IpRange{&ec2.IpRange{CidrIp: aws.String("10.0.0.0/8")}}, 691 } 692 693 if *group.GroupName != "terraform_acceptance_test_example" { 694 return fmt.Errorf("Bad name: %s", *group.GroupName) 695 } 696 697 if *group.Description != "Used in the terraform acceptance tests" { 698 return fmt.Errorf("Bad description: %s", *group.Description) 699 } 700 701 if len(group.IpPermissions) == 0 { 702 return fmt.Errorf("No IPPerms") 703 } 704 705 // Compare our ingress 706 if !reflect.DeepEqual(group.IpPermissions[0], p) { 707 return fmt.Errorf( 708 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 709 group.IpPermissions[0], 710 p) 711 } 712 713 return nil 714 } 715 } 716 717 func testAccCheckAWSSecurityGroupAttributesNegOneProtocol(group *ec2.SecurityGroup) resource.TestCheckFunc { 718 return func(s *terraform.State) error { 719 p := &ec2.IpPermission{ 720 IpProtocol: aws.String("-1"), 721 IpRanges: []*ec2.IpRange{&ec2.IpRange{CidrIp: aws.String("10.0.0.0/8")}}, 722 } 723 724 if *group.GroupName != "terraform_acceptance_test_example" { 725 return fmt.Errorf("Bad name: %s", *group.GroupName) 726 } 727 728 if *group.Description != "Used in the terraform acceptance tests" { 729 return fmt.Errorf("Bad description: %s", *group.Description) 730 } 731 732 if len(group.IpPermissions) == 0 { 733 return fmt.Errorf("No IPPerms") 734 } 735 736 // Compare our ingress 737 if !reflect.DeepEqual(group.IpPermissions[0], p) { 738 return fmt.Errorf( 739 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 740 group.IpPermissions[0], 741 p) 742 } 743 744 return nil 745 } 746 } 747 748 func TestAccAWSSecurityGroup_tags(t *testing.T) { 749 var group ec2.SecurityGroup 750 751 resource.Test(t, resource.TestCase{ 752 PreCheck: func() { testAccPreCheck(t) }, 753 Providers: testAccProviders, 754 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 755 Steps: []resource.TestStep{ 756 resource.TestStep{ 757 Config: testAccAWSSecurityGroupConfigTags, 758 Check: resource.ComposeTestCheckFunc( 759 testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group), 760 testAccCheckTags(&group.Tags, "foo", "bar"), 761 ), 762 }, 763 764 resource.TestStep{ 765 Config: testAccAWSSecurityGroupConfigTagsUpdate, 766 Check: resource.ComposeTestCheckFunc( 767 testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group), 768 testAccCheckTags(&group.Tags, "foo", ""), 769 testAccCheckTags(&group.Tags, "bar", "baz"), 770 ), 771 }, 772 }, 773 }) 774 } 775 776 func TestAccAWSSecurityGroup_CIDRandGroups(t *testing.T) { 777 var group ec2.SecurityGroup 778 779 resource.Test(t, resource.TestCase{ 780 PreCheck: func() { testAccPreCheck(t) }, 781 Providers: testAccProviders, 782 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 783 Steps: []resource.TestStep{ 784 resource.TestStep{ 785 Config: testAccAWSSecurityGroupCombindCIDRandGroups, 786 Check: resource.ComposeTestCheckFunc( 787 testAccCheckAWSSecurityGroupExists("aws_security_group.mixed", &group), 788 // testAccCheckAWSSecurityGroupAttributes(&group), 789 ), 790 }, 791 }, 792 }) 793 } 794 795 func TestAccAWSSecurityGroup_ingressWithCidrAndSGs(t *testing.T) { 796 var group ec2.SecurityGroup 797 798 resource.Test(t, resource.TestCase{ 799 PreCheck: func() { testAccPreCheck(t) }, 800 Providers: testAccProviders, 801 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 802 Steps: []resource.TestStep{ 803 resource.TestStep{ 804 Config: testAccAWSSecurityGroupConfig_ingressWithCidrAndSGs, 805 Check: resource.ComposeTestCheckFunc( 806 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 807 testAccCheckAWSSecurityGroupSGandCidrAttributes(&group), 808 resource.TestCheckResourceAttr( 809 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 810 resource.TestCheckResourceAttr( 811 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 812 resource.TestCheckResourceAttr( 813 "aws_security_group.web", "ingress.#", "2"), 814 ), 815 }, 816 }, 817 }) 818 } 819 820 // This test requires an EC2 Classic region 821 func TestAccAWSSecurityGroup_ingressWithCidrAndSGs_classic(t *testing.T) { 822 var group ec2.SecurityGroup 823 824 resource.Test(t, resource.TestCase{ 825 PreCheck: func() { testAccPreCheck(t) }, 826 Providers: testAccProviders, 827 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 828 Steps: []resource.TestStep{ 829 resource.TestStep{ 830 Config: testAccAWSSecurityGroupConfig_ingressWithCidrAndSGs_classic, 831 Check: resource.ComposeTestCheckFunc( 832 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 833 testAccCheckAWSSecurityGroupSGandCidrAttributes(&group), 834 resource.TestCheckResourceAttr( 835 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 836 resource.TestCheckResourceAttr( 837 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 838 resource.TestCheckResourceAttr( 839 "aws_security_group.web", "ingress.#", "2"), 840 ), 841 }, 842 }, 843 }) 844 } 845 846 func testAccCheckAWSSecurityGroupSGandCidrAttributes(group *ec2.SecurityGroup) resource.TestCheckFunc { 847 return func(s *terraform.State) error { 848 if *group.GroupName != "terraform_acceptance_test_example" { 849 return fmt.Errorf("Bad name: %s", *group.GroupName) 850 } 851 852 if *group.Description != "Used in the terraform acceptance tests" { 853 return fmt.Errorf("Bad description: %s", *group.Description) 854 } 855 856 if len(group.IpPermissions) == 0 { 857 return fmt.Errorf("No IPPerms") 858 } 859 860 if len(group.IpPermissions) != 2 { 861 return fmt.Errorf("Expected 2 ingress rules, got %d", len(group.IpPermissions)) 862 } 863 864 for _, p := range group.IpPermissions { 865 if *p.FromPort == int64(22) { 866 if len(p.IpRanges) != 1 || p.UserIdGroupPairs != nil { 867 return fmt.Errorf("Found ip perm of 22, but not the right ipranges / pairs: %s", p) 868 } 869 continue 870 } else if *p.FromPort == int64(80) { 871 if len(p.IpRanges) != 1 || len(p.UserIdGroupPairs) != 1 { 872 return fmt.Errorf("Found ip perm of 80, but not the right ipranges / pairs: %s", p) 873 } 874 continue 875 } 876 return fmt.Errorf("Found a rouge rule") 877 } 878 879 return nil 880 } 881 } 882 883 func testAccCheckAWSSecurityGroupAttributesChanged(group *ec2.SecurityGroup) resource.TestCheckFunc { 884 return func(s *terraform.State) error { 885 p := []*ec2.IpPermission{ 886 &ec2.IpPermission{ 887 FromPort: aws.Int64(80), 888 ToPort: aws.Int64(9000), 889 IpProtocol: aws.String("tcp"), 890 IpRanges: []*ec2.IpRange{&ec2.IpRange{CidrIp: aws.String("10.0.0.0/8")}}, 891 }, 892 &ec2.IpPermission{ 893 FromPort: aws.Int64(80), 894 ToPort: aws.Int64(8000), 895 IpProtocol: aws.String("tcp"), 896 IpRanges: []*ec2.IpRange{ 897 &ec2.IpRange{ 898 CidrIp: aws.String("0.0.0.0/0"), 899 }, 900 &ec2.IpRange{ 901 CidrIp: aws.String("10.0.0.0/8"), 902 }, 903 }, 904 }, 905 } 906 907 if *group.GroupName != "terraform_acceptance_test_example" { 908 return fmt.Errorf("Bad name: %s", *group.GroupName) 909 } 910 911 if *group.Description != "Used in the terraform acceptance tests" { 912 return fmt.Errorf("Bad description: %s", *group.Description) 913 } 914 915 // Compare our ingress 916 if len(group.IpPermissions) != 2 { 917 return fmt.Errorf( 918 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 919 group.IpPermissions, 920 p) 921 } 922 923 if *group.IpPermissions[0].ToPort == 8000 { 924 group.IpPermissions[1], group.IpPermissions[0] = 925 group.IpPermissions[0], group.IpPermissions[1] 926 } 927 928 if !reflect.DeepEqual(group.IpPermissions, p) { 929 return fmt.Errorf( 930 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 931 group.IpPermissions, 932 p) 933 } 934 935 return nil 936 } 937 } 938 939 func testAccCheckAWSSecurityGroupExistsWithoutDefault(n string) resource.TestCheckFunc { 940 return func(s *terraform.State) error { 941 rs, ok := s.RootModule().Resources[n] 942 if !ok { 943 return fmt.Errorf("Not found: %s", n) 944 } 945 946 if rs.Primary.ID == "" { 947 return fmt.Errorf("No Security Group is set") 948 } 949 950 conn := testAccProvider.Meta().(*AWSClient).ec2conn 951 req := &ec2.DescribeSecurityGroupsInput{ 952 GroupIds: []*string{aws.String(rs.Primary.ID)}, 953 } 954 resp, err := conn.DescribeSecurityGroups(req) 955 if err != nil { 956 return err 957 } 958 959 if len(resp.SecurityGroups) > 0 && *resp.SecurityGroups[0].GroupId == rs.Primary.ID { 960 group := *resp.SecurityGroups[0] 961 962 if len(group.IpPermissionsEgress) != 1 { 963 return fmt.Errorf("Security Group should have only 1 egress rule, got %d", len(group.IpPermissionsEgress)) 964 } 965 } 966 967 return nil 968 } 969 } 970 971 const testAccAWSSecurityGroupConfig = ` 972 resource "aws_vpc" "foo" { 973 cidr_block = "10.1.0.0/16" 974 } 975 976 resource "aws_security_group" "web" { 977 name = "terraform_acceptance_test_example" 978 description = "Used in the terraform acceptance tests" 979 vpc_id = "${aws_vpc.foo.id}" 980 981 ingress { 982 protocol = "6" 983 from_port = 80 984 to_port = 8000 985 cidr_blocks = ["10.0.0.0/8"] 986 } 987 988 egress { 989 protocol = "tcp" 990 from_port = 80 991 to_port = 8000 992 cidr_blocks = ["10.0.0.0/8"] 993 } 994 995 tags { 996 Name = "tf-acc-test" 997 } 998 } 999 ` 1000 1001 const testAccAWSSecurityGroupConfigChange = ` 1002 resource "aws_vpc" "foo" { 1003 cidr_block = "10.1.0.0/16" 1004 } 1005 1006 resource "aws_security_group" "web" { 1007 name = "terraform_acceptance_test_example" 1008 description = "Used in the terraform acceptance tests" 1009 vpc_id = "${aws_vpc.foo.id}" 1010 1011 ingress { 1012 protocol = "tcp" 1013 from_port = 80 1014 to_port = 9000 1015 cidr_blocks = ["10.0.0.0/8"] 1016 } 1017 1018 ingress { 1019 protocol = "tcp" 1020 from_port = 80 1021 to_port = 8000 1022 cidr_blocks = ["0.0.0.0/0", "10.0.0.0/8"] 1023 } 1024 1025 egress { 1026 protocol = "tcp" 1027 from_port = 80 1028 to_port = 8000 1029 cidr_blocks = ["10.0.0.0/8"] 1030 } 1031 } 1032 ` 1033 1034 const testAccAWSSecurityGroupConfigSelf = ` 1035 resource "aws_vpc" "foo" { 1036 cidr_block = "10.1.0.0/16" 1037 } 1038 1039 resource "aws_security_group" "web" { 1040 name = "terraform_acceptance_test_example" 1041 description = "Used in the terraform acceptance tests" 1042 vpc_id = "${aws_vpc.foo.id}" 1043 1044 ingress { 1045 protocol = "tcp" 1046 from_port = 80 1047 to_port = 8000 1048 self = true 1049 } 1050 1051 egress { 1052 protocol = "tcp" 1053 from_port = 80 1054 to_port = 8000 1055 cidr_blocks = ["10.0.0.0/8"] 1056 } 1057 } 1058 ` 1059 1060 const testAccAWSSecurityGroupConfigVpc = ` 1061 resource "aws_vpc" "foo" { 1062 cidr_block = "10.1.0.0/16" 1063 } 1064 1065 resource "aws_security_group" "web" { 1066 name = "terraform_acceptance_test_example" 1067 description = "Used in the terraform acceptance tests" 1068 vpc_id = "${aws_vpc.foo.id}" 1069 1070 ingress { 1071 protocol = "tcp" 1072 from_port = 80 1073 to_port = 8000 1074 cidr_blocks = ["10.0.0.0/8"] 1075 } 1076 1077 egress { 1078 protocol = "tcp" 1079 from_port = 80 1080 to_port = 8000 1081 cidr_blocks = ["10.0.0.0/8"] 1082 } 1083 } 1084 ` 1085 1086 const testAccAWSSecurityGroupConfigVpcNegOneIngress = ` 1087 resource "aws_vpc" "foo" { 1088 cidr_block = "10.1.0.0/16" 1089 } 1090 1091 resource "aws_security_group" "web" { 1092 name = "terraform_acceptance_test_example" 1093 description = "Used in the terraform acceptance tests" 1094 vpc_id = "${aws_vpc.foo.id}" 1095 1096 ingress { 1097 protocol = "-1" 1098 from_port = 0 1099 to_port = 0 1100 cidr_blocks = ["10.0.0.0/8"] 1101 } 1102 } 1103 ` 1104 const testAccAWSSecurityGroupConfigMultiIngress = ` 1105 resource "aws_vpc" "foo" { 1106 cidr_block = "10.1.0.0/16" 1107 } 1108 1109 resource "aws_security_group" "worker" { 1110 name = "terraform_acceptance_test_example_1" 1111 description = "Used in the terraform acceptance tests" 1112 vpc_id = "${aws_vpc.foo.id}" 1113 1114 ingress { 1115 protocol = "tcp" 1116 from_port = 80 1117 to_port = 8000 1118 cidr_blocks = ["10.0.0.0/8"] 1119 } 1120 1121 egress { 1122 protocol = "tcp" 1123 from_port = 80 1124 to_port = 8000 1125 cidr_blocks = ["10.0.0.0/8"] 1126 } 1127 } 1128 1129 resource "aws_security_group" "web" { 1130 name = "terraform_acceptance_test_example_2" 1131 description = "Used in the terraform acceptance tests" 1132 vpc_id = "${aws_vpc.foo.id}" 1133 1134 ingress { 1135 protocol = "tcp" 1136 from_port = 22 1137 to_port = 22 1138 cidr_blocks = ["10.0.0.0/8"] 1139 } 1140 1141 ingress { 1142 protocol = "tcp" 1143 from_port = 800 1144 to_port = 800 1145 cidr_blocks = ["10.0.0.0/8"] 1146 } 1147 1148 ingress { 1149 protocol = "tcp" 1150 from_port = 80 1151 to_port = 8000 1152 security_groups = ["${aws_security_group.worker.id}"] 1153 } 1154 1155 egress { 1156 protocol = "tcp" 1157 from_port = 80 1158 to_port = 8000 1159 cidr_blocks = ["10.0.0.0/8"] 1160 } 1161 } 1162 ` 1163 1164 const testAccAWSSecurityGroupConfigTags = ` 1165 resource "aws_vpc" "foo" { 1166 cidr_block = "10.1.0.0/16" 1167 } 1168 1169 resource "aws_security_group" "foo" { 1170 name = "terraform_acceptance_test_example" 1171 description = "Used in the terraform acceptance tests" 1172 vpc_id = "${aws_vpc.foo.id}" 1173 1174 ingress { 1175 protocol = "tcp" 1176 from_port = 80 1177 to_port = 8000 1178 cidr_blocks = ["10.0.0.0/8"] 1179 } 1180 1181 egress { 1182 protocol = "tcp" 1183 from_port = 80 1184 to_port = 8000 1185 cidr_blocks = ["10.0.0.0/8"] 1186 } 1187 1188 tags { 1189 foo = "bar" 1190 } 1191 } 1192 ` 1193 1194 const testAccAWSSecurityGroupConfigTagsUpdate = ` 1195 resource "aws_vpc" "foo" { 1196 cidr_block = "10.1.0.0/16" 1197 } 1198 1199 resource "aws_security_group" "foo" { 1200 name = "terraform_acceptance_test_example" 1201 description = "Used in the terraform acceptance tests" 1202 vpc_id = "${aws_vpc.foo.id}" 1203 1204 ingress { 1205 protocol = "tcp" 1206 from_port = 80 1207 to_port = 8000 1208 cidr_blocks = ["10.0.0.0/8"] 1209 } 1210 1211 egress { 1212 protocol = "tcp" 1213 from_port = 80 1214 to_port = 8000 1215 cidr_blocks = ["10.0.0.0/8"] 1216 } 1217 1218 tags { 1219 bar = "baz" 1220 } 1221 } 1222 ` 1223 1224 const testAccAWSSecurityGroupConfig_generatedName = ` 1225 resource "aws_vpc" "foo" { 1226 cidr_block = "10.1.0.0/16" 1227 } 1228 1229 resource "aws_security_group" "web" { 1230 vpc_id = "${aws_vpc.foo.id}" 1231 1232 ingress { 1233 protocol = "tcp" 1234 from_port = 80 1235 to_port = 8000 1236 cidr_blocks = ["10.0.0.0/8"] 1237 } 1238 1239 egress { 1240 protocol = "tcp" 1241 from_port = 80 1242 to_port = 8000 1243 cidr_blocks = ["10.0.0.0/8"] 1244 } 1245 1246 tags { 1247 Name = "tf-acc-test" 1248 } 1249 } 1250 ` 1251 1252 const testAccAWSSecurityGroupConfigDefaultEgress = ` 1253 resource "aws_vpc" "tf_sg_egress_test" { 1254 cidr_block = "10.0.0.0/16" 1255 tags { 1256 Name = "tf_sg_egress_test" 1257 } 1258 } 1259 1260 resource "aws_security_group" "worker" { 1261 name = "terraform_acceptance_test_example_1" 1262 description = "Used in the terraform acceptance tests" 1263 vpc_id = "${aws_vpc.tf_sg_egress_test.id}" 1264 1265 egress { 1266 protocol = "tcp" 1267 from_port = 80 1268 to_port = 8000 1269 cidr_blocks = ["10.0.0.0/8"] 1270 } 1271 } 1272 ` 1273 1274 const testAccAWSSecurityGroupConfigClassic = ` 1275 provider "aws" { 1276 region = "us-east-1" 1277 } 1278 1279 resource "aws_security_group" "web" { 1280 name = "terraform_acceptance_test_example_1" 1281 description = "Used in the terraform acceptance tests" 1282 } 1283 ` 1284 1285 const testAccAWSSecurityGroupPrefixNameConfig = ` 1286 provider "aws" { 1287 region = "us-east-1" 1288 } 1289 1290 resource "aws_security_group" "baz" { 1291 name_prefix = "baz-" 1292 description = "Used in the terraform acceptance tests" 1293 } 1294 ` 1295 1296 func testAccAWSSecurityGroupConfig_drift() string { 1297 return fmt.Sprintf(` 1298 resource "aws_security_group" "web" { 1299 name = "tf_acc_%d" 1300 description = "Used in the terraform acceptance tests" 1301 1302 ingress { 1303 protocol = "tcp" 1304 from_port = 80 1305 to_port = 8000 1306 cidr_blocks = ["10.0.0.0/8"] 1307 } 1308 1309 ingress { 1310 protocol = "tcp" 1311 from_port = 80 1312 to_port = 8000 1313 cidr_blocks = ["206.0.0.0/8"] 1314 } 1315 1316 tags { 1317 Name = "tf-acc-test" 1318 } 1319 } 1320 `, acctest.RandInt()) 1321 } 1322 1323 func testAccAWSSecurityGroupConfig_drift_complex() string { 1324 return fmt.Sprintf(` 1325 resource "aws_vpc" "foo" { 1326 cidr_block = "10.1.0.0/16" 1327 } 1328 1329 resource "aws_security_group" "otherweb" { 1330 name = "tf_acc_%d" 1331 description = "Used in the terraform acceptance tests" 1332 vpc_id = "${aws_vpc.foo.id}" 1333 } 1334 1335 resource "aws_security_group" "web" { 1336 name = "tf_acc_%d" 1337 description = "Used in the terraform acceptance tests" 1338 vpc_id = "${aws_vpc.foo.id}" 1339 1340 ingress { 1341 protocol = "tcp" 1342 from_port = 80 1343 to_port = 8000 1344 cidr_blocks = ["10.0.0.0/8"] 1345 } 1346 1347 ingress { 1348 protocol = "tcp" 1349 from_port = 80 1350 to_port = 8000 1351 cidr_blocks = ["206.0.0.0/8"] 1352 } 1353 1354 ingress { 1355 protocol = "tcp" 1356 from_port = 22 1357 to_port = 22 1358 security_groups = ["${aws_security_group.otherweb.id}"] 1359 } 1360 1361 egress { 1362 protocol = "tcp" 1363 from_port = 80 1364 to_port = 8000 1365 cidr_blocks = ["206.0.0.0/8"] 1366 } 1367 1368 egress { 1369 protocol = "tcp" 1370 from_port = 80 1371 to_port = 8000 1372 cidr_blocks = ["10.0.0.0/8"] 1373 } 1374 1375 egress { 1376 protocol = "tcp" 1377 from_port = 22 1378 to_port = 22 1379 security_groups = ["${aws_security_group.otherweb.id}"] 1380 } 1381 1382 tags { 1383 Name = "tf-acc-test" 1384 } 1385 }`, acctest.RandInt(), acctest.RandInt()) 1386 } 1387 1388 const testAccAWSSecurityGroupCombindCIDRandGroups = ` 1389 resource "aws_vpc" "foo" { 1390 cidr_block = "10.1.0.0/16" 1391 } 1392 1393 resource "aws_security_group" "two" { 1394 name = "tf-test-1" 1395 vpc_id = "${aws_vpc.foo.id}" 1396 tags { 1397 Name = "tf-test-1" 1398 } 1399 } 1400 1401 resource "aws_security_group" "one" { 1402 name = "tf-test-2" 1403 vpc_id = "${aws_vpc.foo.id}" 1404 tags { 1405 Name = "tf-test-w" 1406 } 1407 } 1408 1409 resource "aws_security_group" "three" { 1410 name = "tf-test-3" 1411 vpc_id = "${aws_vpc.foo.id}" 1412 tags { 1413 Name = "tf-test-3" 1414 } 1415 } 1416 1417 resource "aws_security_group" "mixed" { 1418 name = "tf-mix-test" 1419 vpc_id = "${aws_vpc.foo.id}" 1420 1421 ingress { 1422 from_port = 80 1423 to_port = 80 1424 protocol = "tcp" 1425 cidr_blocks = ["10.0.0.0/16", "10.1.0.0/16", "10.7.0.0/16"] 1426 1427 security_groups = [ 1428 "${aws_security_group.one.id}", 1429 "${aws_security_group.two.id}", 1430 "${aws_security_group.three.id}", 1431 ] 1432 } 1433 1434 tags { 1435 Name = "tf-mix-test" 1436 } 1437 } 1438 ` 1439 1440 const testAccAWSSecurityGroupConfig_ingressWithCidrAndSGs = ` 1441 resource "aws_vpc" "foo" { 1442 cidr_block = "10.1.0.0/16" 1443 } 1444 1445 resource "aws_security_group" "other_web" { 1446 name = "tf_other_acc_tests" 1447 description = "Used in the terraform acceptance tests" 1448 vpc_id = "${aws_vpc.foo.id}" 1449 1450 tags { 1451 Name = "tf-acc-test" 1452 } 1453 } 1454 1455 resource "aws_security_group" "web" { 1456 name = "terraform_acceptance_test_example" 1457 description = "Used in the terraform acceptance tests" 1458 vpc_id = "${aws_vpc.foo.id}" 1459 1460 ingress { 1461 protocol = "tcp" 1462 from_port = "22" 1463 to_port = "22" 1464 1465 cidr_blocks = [ 1466 "192.168.0.1/32", 1467 ] 1468 } 1469 1470 ingress { 1471 protocol = "tcp" 1472 from_port = 80 1473 to_port = 8000 1474 cidr_blocks = ["10.0.0.0/8"] 1475 security_groups = ["${aws_security_group.other_web.id}"] 1476 } 1477 1478 egress { 1479 protocol = "tcp" 1480 from_port = 80 1481 to_port = 8000 1482 cidr_blocks = ["10.0.0.0/8"] 1483 } 1484 1485 tags { 1486 Name = "tf-acc-test" 1487 } 1488 } 1489 ` 1490 1491 const testAccAWSSecurityGroupConfig_ingressWithCidrAndSGs_classic = ` 1492 provider "aws" { 1493 region = "us-east-1" 1494 } 1495 1496 resource "aws_security_group" "other_web" { 1497 name = "tf_other_acc_tests" 1498 description = "Used in the terraform acceptance tests" 1499 1500 tags { 1501 Name = "tf-acc-test" 1502 } 1503 } 1504 1505 resource "aws_security_group" "web" { 1506 name = "terraform_acceptance_test_example" 1507 description = "Used in the terraform acceptance tests" 1508 1509 ingress { 1510 protocol = "tcp" 1511 from_port = "22" 1512 to_port = "22" 1513 1514 cidr_blocks = [ 1515 "192.168.0.1/32", 1516 ] 1517 } 1518 1519 ingress { 1520 protocol = "tcp" 1521 from_port = 80 1522 to_port = 8000 1523 cidr_blocks = ["10.0.0.0/8"] 1524 security_groups = ["${aws_security_group.other_web.name}"] 1525 } 1526 1527 tags { 1528 Name = "tf-acc-test" 1529 } 1530 } 1531 `