github.com/paulmey/terraform@v0.5.2-0.20150519145237-046e9b4c884d/builtin/providers/aws/resource_aws_security_group_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "reflect" 6 "strings" 7 "testing" 8 9 "github.com/awslabs/aws-sdk-go/aws" 10 "github.com/awslabs/aws-sdk-go/service/ec2" 11 "github.com/hashicorp/terraform/helper/resource" 12 "github.com/hashicorp/terraform/terraform" 13 ) 14 15 func TestAccAWSSecurityGroup_normal(t *testing.T) { 16 var group ec2.SecurityGroup 17 18 resource.Test(t, resource.TestCase{ 19 PreCheck: func() { testAccPreCheck(t) }, 20 Providers: testAccProviders, 21 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 22 Steps: []resource.TestStep{ 23 resource.TestStep{ 24 Config: testAccAWSSecurityGroupConfig, 25 Check: resource.ComposeTestCheckFunc( 26 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 27 testAccCheckAWSSecurityGroupAttributes(&group), 28 resource.TestCheckResourceAttr( 29 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 30 resource.TestCheckResourceAttr( 31 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 32 resource.TestCheckResourceAttr( 33 "aws_security_group.web", "ingress.3629188364.protocol", "tcp"), 34 resource.TestCheckResourceAttr( 35 "aws_security_group.web", "ingress.3629188364.from_port", "80"), 36 resource.TestCheckResourceAttr( 37 "aws_security_group.web", "ingress.3629188364.to_port", "8000"), 38 resource.TestCheckResourceAttr( 39 "aws_security_group.web", "ingress.3629188364.cidr_blocks.#", "1"), 40 resource.TestCheckResourceAttr( 41 "aws_security_group.web", "ingress.3629188364.cidr_blocks.0", "10.0.0.0/8"), 42 ), 43 }, 44 }, 45 }) 46 } 47 48 func TestAccAWSSecurityGroup_self(t *testing.T) { 49 var group ec2.SecurityGroup 50 51 checkSelf := func(s *terraform.State) (err error) { 52 defer func() { 53 if e := recover(); e != nil { 54 err = fmt.Errorf("bad: %#v", group) 55 } 56 }() 57 58 if *group.IPPermissions[0].UserIDGroupPairs[0].GroupID != *group.GroupID { 59 return fmt.Errorf("bad: %#v", group) 60 } 61 62 return nil 63 } 64 65 resource.Test(t, resource.TestCase{ 66 PreCheck: func() { testAccPreCheck(t) }, 67 Providers: testAccProviders, 68 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 69 Steps: []resource.TestStep{ 70 resource.TestStep{ 71 Config: testAccAWSSecurityGroupConfigSelf, 72 Check: resource.ComposeTestCheckFunc( 73 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 74 resource.TestCheckResourceAttr( 75 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 76 resource.TestCheckResourceAttr( 77 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 78 resource.TestCheckResourceAttr( 79 "aws_security_group.web", "ingress.3971148406.protocol", "tcp"), 80 resource.TestCheckResourceAttr( 81 "aws_security_group.web", "ingress.3971148406.from_port", "80"), 82 resource.TestCheckResourceAttr( 83 "aws_security_group.web", "ingress.3971148406.to_port", "8000"), 84 resource.TestCheckResourceAttr( 85 "aws_security_group.web", "ingress.3971148406.self", "true"), 86 checkSelf, 87 ), 88 }, 89 }, 90 }) 91 } 92 93 func TestAccAWSSecurityGroup_vpc(t *testing.T) { 94 var group ec2.SecurityGroup 95 96 testCheck := func(*terraform.State) error { 97 if *group.VPCID == "" { 98 return fmt.Errorf("should have vpc ID") 99 } 100 101 return nil 102 } 103 104 resource.Test(t, resource.TestCase{ 105 PreCheck: func() { testAccPreCheck(t) }, 106 Providers: testAccProviders, 107 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 108 Steps: []resource.TestStep{ 109 resource.TestStep{ 110 Config: testAccAWSSecurityGroupConfigVpc, 111 Check: resource.ComposeTestCheckFunc( 112 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 113 testAccCheckAWSSecurityGroupAttributes(&group), 114 resource.TestCheckResourceAttr( 115 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 116 resource.TestCheckResourceAttr( 117 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 118 resource.TestCheckResourceAttr( 119 "aws_security_group.web", "ingress.3629188364.protocol", "tcp"), 120 resource.TestCheckResourceAttr( 121 "aws_security_group.web", "ingress.3629188364.from_port", "80"), 122 resource.TestCheckResourceAttr( 123 "aws_security_group.web", "ingress.3629188364.to_port", "8000"), 124 resource.TestCheckResourceAttr( 125 "aws_security_group.web", "ingress.3629188364.cidr_blocks.#", "1"), 126 resource.TestCheckResourceAttr( 127 "aws_security_group.web", "ingress.3629188364.cidr_blocks.0", "10.0.0.0/8"), 128 resource.TestCheckResourceAttr( 129 "aws_security_group.web", "egress.3629188364.protocol", "tcp"), 130 resource.TestCheckResourceAttr( 131 "aws_security_group.web", "egress.3629188364.from_port", "80"), 132 resource.TestCheckResourceAttr( 133 "aws_security_group.web", "egress.3629188364.to_port", "8000"), 134 resource.TestCheckResourceAttr( 135 "aws_security_group.web", "egress.3629188364.cidr_blocks.#", "1"), 136 resource.TestCheckResourceAttr( 137 "aws_security_group.web", "egress.3629188364.cidr_blocks.0", "10.0.0.0/8"), 138 testCheck, 139 ), 140 }, 141 }, 142 }) 143 } 144 145 func TestAccAWSSecurityGroup_vpcNegOneIngress(t *testing.T) { 146 var group ec2.SecurityGroup 147 148 testCheck := func(*terraform.State) error { 149 if *group.VPCID == "" { 150 return fmt.Errorf("should have vpc ID") 151 } 152 153 return nil 154 } 155 156 resource.Test(t, resource.TestCase{ 157 PreCheck: func() { testAccPreCheck(t) }, 158 Providers: testAccProviders, 159 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 160 Steps: []resource.TestStep{ 161 resource.TestStep{ 162 Config: testAccAWSSecurityGroupConfigVpcNegOneIngress, 163 Check: resource.ComposeTestCheckFunc( 164 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 165 testAccCheckAWSSecurityGroupAttributesNegOneProtocol(&group), 166 resource.TestCheckResourceAttr( 167 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 168 resource.TestCheckResourceAttr( 169 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 170 resource.TestCheckResourceAttr( 171 "aws_security_group.web", "ingress.956249133.protocol", "-1"), 172 resource.TestCheckResourceAttr( 173 "aws_security_group.web", "ingress.956249133.from_port", "0"), 174 resource.TestCheckResourceAttr( 175 "aws_security_group.web", "ingress.956249133.to_port", "0"), 176 resource.TestCheckResourceAttr( 177 "aws_security_group.web", "ingress.956249133.cidr_blocks.#", "1"), 178 resource.TestCheckResourceAttr( 179 "aws_security_group.web", "ingress.956249133.cidr_blocks.0", "10.0.0.0/8"), 180 testCheck, 181 ), 182 }, 183 }, 184 }) 185 } 186 func TestAccAWSSecurityGroup_MultiIngress(t *testing.T) { 187 var group ec2.SecurityGroup 188 189 resource.Test(t, resource.TestCase{ 190 PreCheck: func() { testAccPreCheck(t) }, 191 Providers: testAccProviders, 192 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 193 Steps: []resource.TestStep{ 194 resource.TestStep{ 195 Config: testAccAWSSecurityGroupConfigMultiIngress, 196 Check: resource.ComposeTestCheckFunc( 197 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 198 ), 199 }, 200 }, 201 }) 202 } 203 204 func TestAccAWSSecurityGroup_Change(t *testing.T) { 205 var group ec2.SecurityGroup 206 207 resource.Test(t, resource.TestCase{ 208 PreCheck: func() { testAccPreCheck(t) }, 209 Providers: testAccProviders, 210 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 211 Steps: []resource.TestStep{ 212 resource.TestStep{ 213 Config: testAccAWSSecurityGroupConfig, 214 Check: resource.ComposeTestCheckFunc( 215 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 216 ), 217 }, 218 resource.TestStep{ 219 Config: testAccAWSSecurityGroupConfigChange, 220 Check: resource.ComposeTestCheckFunc( 221 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 222 testAccCheckAWSSecurityGroupAttributesChanged(&group), 223 ), 224 }, 225 }, 226 }) 227 } 228 229 func TestAccAWSSecurityGroup_generatedName(t *testing.T) { 230 var group ec2.SecurityGroup 231 232 resource.Test(t, resource.TestCase{ 233 PreCheck: func() { testAccPreCheck(t) }, 234 Providers: testAccProviders, 235 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 236 Steps: []resource.TestStep{ 237 resource.TestStep{ 238 Config: testAccAWSSecurityGroupConfig_generatedName, 239 Check: resource.ComposeTestCheckFunc( 240 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 241 resource.TestCheckResourceAttr( 242 "aws_security_group.web", "description", "Managed by Terraform"), 243 func(s *terraform.State) error { 244 if group.GroupName == nil { 245 return fmt.Errorf("bad: No SG name") 246 } 247 if !strings.HasPrefix(*group.GroupName, "terraform-") { 248 return fmt.Errorf("No terraform- prefix: %s", *group.GroupName) 249 } 250 return nil 251 }, 252 ), 253 }, 254 }, 255 }) 256 } 257 258 func TestAccAWSSecurityGroup_DefaultEgress(t *testing.T) { 259 260 // VPC 261 resource.Test(t, resource.TestCase{ 262 PreCheck: func() { testAccPreCheck(t) }, 263 Providers: testAccProviders, 264 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 265 Steps: []resource.TestStep{ 266 resource.TestStep{ 267 Config: testAccAWSSecurityGroupConfigDefaultEgress, 268 Check: resource.ComposeTestCheckFunc( 269 testAccCheckAWSSecurityGroupExistsWithoutDefault("aws_security_group.worker"), 270 ), 271 }, 272 }, 273 }) 274 275 // Classic 276 var group ec2.SecurityGroup 277 resource.Test(t, resource.TestCase{ 278 PreCheck: func() { testAccPreCheck(t) }, 279 Providers: testAccProviders, 280 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 281 Steps: []resource.TestStep{ 282 resource.TestStep{ 283 Config: testAccAWSSecurityGroupConfigClassic, 284 Check: resource.ComposeTestCheckFunc( 285 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 286 ), 287 }, 288 }, 289 }) 290 } 291 292 func testAccCheckAWSSecurityGroupDestroy(s *terraform.State) error { 293 conn := testAccProvider.Meta().(*AWSClient).ec2conn 294 295 for _, rs := range s.RootModule().Resources { 296 if rs.Type != "aws_security_group" { 297 continue 298 } 299 300 // Retrieve our group 301 req := &ec2.DescribeSecurityGroupsInput{ 302 GroupIDs: []*string{aws.String(rs.Primary.ID)}, 303 } 304 resp, err := conn.DescribeSecurityGroups(req) 305 if err == nil { 306 if len(resp.SecurityGroups) > 0 && *resp.SecurityGroups[0].GroupID == rs.Primary.ID { 307 return fmt.Errorf("Security Group (%s) still exists.", rs.Primary.ID) 308 } 309 310 return nil 311 } 312 313 ec2err, ok := err.(aws.APIError) 314 if !ok { 315 return err 316 } 317 // Confirm error code is what we want 318 if ec2err.Code != "InvalidGroup.NotFound" { 319 return err 320 } 321 } 322 323 return nil 324 } 325 326 func testAccCheckAWSSecurityGroupExists(n string, group *ec2.SecurityGroup) resource.TestCheckFunc { 327 return func(s *terraform.State) error { 328 rs, ok := s.RootModule().Resources[n] 329 if !ok { 330 return fmt.Errorf("Not found: %s", n) 331 } 332 333 if rs.Primary.ID == "" { 334 return fmt.Errorf("No Security Group is set") 335 } 336 337 conn := testAccProvider.Meta().(*AWSClient).ec2conn 338 req := &ec2.DescribeSecurityGroupsInput{ 339 GroupIDs: []*string{aws.String(rs.Primary.ID)}, 340 } 341 resp, err := conn.DescribeSecurityGroups(req) 342 if err != nil { 343 return err 344 } 345 346 if len(resp.SecurityGroups) > 0 && *resp.SecurityGroups[0].GroupID == rs.Primary.ID { 347 *group = *resp.SecurityGroups[0] 348 return nil 349 } 350 351 return fmt.Errorf("Security Group not found") 352 } 353 } 354 355 func testAccCheckAWSSecurityGroupAttributes(group *ec2.SecurityGroup) resource.TestCheckFunc { 356 return func(s *terraform.State) error { 357 p := &ec2.IPPermission{ 358 FromPort: aws.Long(80), 359 ToPort: aws.Long(8000), 360 IPProtocol: aws.String("tcp"), 361 IPRanges: []*ec2.IPRange{&ec2.IPRange{CIDRIP: aws.String("10.0.0.0/8")}}, 362 } 363 364 if *group.GroupName != "terraform_acceptance_test_example" { 365 return fmt.Errorf("Bad name: %s", *group.GroupName) 366 } 367 368 if *group.Description != "Used in the terraform acceptance tests" { 369 return fmt.Errorf("Bad description: %s", *group.Description) 370 } 371 372 if len(group.IPPermissions) == 0 { 373 return fmt.Errorf("No IPPerms") 374 } 375 376 // Compare our ingress 377 if !reflect.DeepEqual(group.IPPermissions[0], p) { 378 return fmt.Errorf( 379 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 380 group.IPPermissions[0], 381 p) 382 } 383 384 return nil 385 } 386 } 387 388 func testAccCheckAWSSecurityGroupAttributesNegOneProtocol(group *ec2.SecurityGroup) resource.TestCheckFunc { 389 return func(s *terraform.State) error { 390 p := &ec2.IPPermission{ 391 IPProtocol: aws.String("-1"), 392 IPRanges: []*ec2.IPRange{&ec2.IPRange{CIDRIP: aws.String("10.0.0.0/8")}}, 393 } 394 395 if *group.GroupName != "terraform_acceptance_test_example" { 396 return fmt.Errorf("Bad name: %s", *group.GroupName) 397 } 398 399 if *group.Description != "Used in the terraform acceptance tests" { 400 return fmt.Errorf("Bad description: %s", *group.Description) 401 } 402 403 if len(group.IPPermissions) == 0 { 404 return fmt.Errorf("No IPPerms") 405 } 406 407 // Compare our ingress 408 if !reflect.DeepEqual(group.IPPermissions[0], p) { 409 return fmt.Errorf( 410 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 411 group.IPPermissions[0], 412 p) 413 } 414 415 return nil 416 } 417 } 418 419 func TestAccAWSSecurityGroup_tags(t *testing.T) { 420 var group ec2.SecurityGroup 421 422 resource.Test(t, resource.TestCase{ 423 PreCheck: func() { testAccPreCheck(t) }, 424 Providers: testAccProviders, 425 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 426 Steps: []resource.TestStep{ 427 resource.TestStep{ 428 Config: testAccAWSSecurityGroupConfigTags, 429 Check: resource.ComposeTestCheckFunc( 430 testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group), 431 testAccCheckTags(&group.Tags, "foo", "bar"), 432 ), 433 }, 434 435 resource.TestStep{ 436 Config: testAccAWSSecurityGroupConfigTagsUpdate, 437 Check: resource.ComposeTestCheckFunc( 438 testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group), 439 testAccCheckTags(&group.Tags, "foo", ""), 440 testAccCheckTags(&group.Tags, "bar", "baz"), 441 ), 442 }, 443 }, 444 }) 445 } 446 447 func testAccCheckAWSSecurityGroupAttributesChanged(group *ec2.SecurityGroup) resource.TestCheckFunc { 448 return func(s *terraform.State) error { 449 p := []*ec2.IPPermission{ 450 &ec2.IPPermission{ 451 FromPort: aws.Long(80), 452 ToPort: aws.Long(9000), 453 IPProtocol: aws.String("tcp"), 454 IPRanges: []*ec2.IPRange{&ec2.IPRange{CIDRIP: aws.String("10.0.0.0/8")}}, 455 }, 456 &ec2.IPPermission{ 457 FromPort: aws.Long(80), 458 ToPort: aws.Long(8000), 459 IPProtocol: aws.String("tcp"), 460 IPRanges: []*ec2.IPRange{ 461 &ec2.IPRange{ 462 CIDRIP: aws.String("0.0.0.0/0"), 463 }, 464 &ec2.IPRange{ 465 CIDRIP: aws.String("10.0.0.0/8"), 466 }, 467 }, 468 }, 469 } 470 471 if *group.GroupName != "terraform_acceptance_test_example" { 472 return fmt.Errorf("Bad name: %s", *group.GroupName) 473 } 474 475 if *group.Description != "Used in the terraform acceptance tests" { 476 return fmt.Errorf("Bad description: %s", *group.Description) 477 } 478 479 // Compare our ingress 480 if len(group.IPPermissions) != 2 { 481 return fmt.Errorf( 482 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 483 group.IPPermissions, 484 p) 485 } 486 487 if *group.IPPermissions[0].ToPort == 8000 { 488 group.IPPermissions[1], group.IPPermissions[0] = 489 group.IPPermissions[0], group.IPPermissions[1] 490 } 491 492 if !reflect.DeepEqual(group.IPPermissions, p) { 493 return fmt.Errorf( 494 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 495 group.IPPermissions, 496 p) 497 } 498 499 return nil 500 } 501 } 502 503 func testAccCheckAWSSecurityGroupExistsWithoutDefault(n string) resource.TestCheckFunc { 504 return func(s *terraform.State) error { 505 rs, ok := s.RootModule().Resources[n] 506 if !ok { 507 return fmt.Errorf("Not found: %s", n) 508 } 509 510 if rs.Primary.ID == "" { 511 return fmt.Errorf("No Security Group is set") 512 } 513 514 conn := testAccProvider.Meta().(*AWSClient).ec2conn 515 req := &ec2.DescribeSecurityGroupsInput{ 516 GroupIDs: []*string{aws.String(rs.Primary.ID)}, 517 } 518 resp, err := conn.DescribeSecurityGroups(req) 519 if err != nil { 520 return err 521 } 522 523 if len(resp.SecurityGroups) > 0 && *resp.SecurityGroups[0].GroupID == rs.Primary.ID { 524 group := *resp.SecurityGroups[0] 525 526 if len(group.IPPermissionsEgress) != 1 { 527 return fmt.Errorf("Security Group should have only 1 egress rule, got %d", len(group.IPPermissionsEgress)) 528 } 529 } 530 531 return nil 532 } 533 } 534 535 const testAccAWSSecurityGroupConfig = ` 536 resource "aws_security_group" "web" { 537 name = "terraform_acceptance_test_example" 538 description = "Used in the terraform acceptance tests" 539 540 ingress { 541 protocol = "tcp" 542 from_port = 80 543 to_port = 8000 544 cidr_blocks = ["10.0.0.0/8"] 545 } 546 547 egress { 548 protocol = "tcp" 549 from_port = 80 550 to_port = 8000 551 cidr_blocks = ["10.0.0.0/8"] 552 } 553 554 tags { 555 Name = "tf-acc-test" 556 } 557 } 558 ` 559 560 const testAccAWSSecurityGroupConfigChange = ` 561 resource "aws_security_group" "web" { 562 name = "terraform_acceptance_test_example" 563 description = "Used in the terraform acceptance tests" 564 565 ingress { 566 protocol = "tcp" 567 from_port = 80 568 to_port = 9000 569 cidr_blocks = ["10.0.0.0/8"] 570 } 571 572 ingress { 573 protocol = "tcp" 574 from_port = 80 575 to_port = 8000 576 cidr_blocks = ["0.0.0.0/0", "10.0.0.0/8"] 577 } 578 579 egress { 580 protocol = "tcp" 581 from_port = 80 582 to_port = 8000 583 cidr_blocks = ["10.0.0.0/8"] 584 } 585 } 586 ` 587 588 const testAccAWSSecurityGroupConfigSelf = ` 589 resource "aws_security_group" "web" { 590 name = "terraform_acceptance_test_example" 591 description = "Used in the terraform acceptance tests" 592 593 ingress { 594 protocol = "tcp" 595 from_port = 80 596 to_port = 8000 597 self = true 598 } 599 600 egress { 601 protocol = "tcp" 602 from_port = 80 603 to_port = 8000 604 cidr_blocks = ["10.0.0.0/8"] 605 } 606 } 607 ` 608 609 const testAccAWSSecurityGroupConfigVpc = ` 610 resource "aws_vpc" "foo" { 611 cidr_block = "10.1.0.0/16" 612 } 613 614 resource "aws_security_group" "web" { 615 name = "terraform_acceptance_test_example" 616 description = "Used in the terraform acceptance tests" 617 vpc_id = "${aws_vpc.foo.id}" 618 619 ingress { 620 protocol = "tcp" 621 from_port = 80 622 to_port = 8000 623 cidr_blocks = ["10.0.0.0/8"] 624 } 625 626 egress { 627 protocol = "tcp" 628 from_port = 80 629 to_port = 8000 630 cidr_blocks = ["10.0.0.0/8"] 631 } 632 } 633 ` 634 635 const testAccAWSSecurityGroupConfigVpcNegOneIngress = ` 636 resource "aws_vpc" "foo" { 637 cidr_block = "10.1.0.0/16" 638 } 639 640 resource "aws_security_group" "web" { 641 name = "terraform_acceptance_test_example" 642 description = "Used in the terraform acceptance tests" 643 vpc_id = "${aws_vpc.foo.id}" 644 645 ingress { 646 protocol = "-1" 647 from_port = 0 648 to_port = 0 649 cidr_blocks = ["10.0.0.0/8"] 650 } 651 } 652 ` 653 const testAccAWSSecurityGroupConfigMultiIngress = ` 654 resource "aws_security_group" "worker" { 655 name = "terraform_acceptance_test_example_1" 656 description = "Used in the terraform acceptance tests" 657 658 ingress { 659 protocol = "tcp" 660 from_port = 80 661 to_port = 8000 662 cidr_blocks = ["10.0.0.0/8"] 663 } 664 665 egress { 666 protocol = "tcp" 667 from_port = 80 668 to_port = 8000 669 cidr_blocks = ["10.0.0.0/8"] 670 } 671 } 672 673 resource "aws_security_group" "web" { 674 name = "terraform_acceptance_test_example_2" 675 description = "Used in the terraform acceptance tests" 676 677 ingress { 678 protocol = "tcp" 679 from_port = 22 680 to_port = 22 681 cidr_blocks = ["10.0.0.0/8"] 682 } 683 684 ingress { 685 protocol = "tcp" 686 from_port = 800 687 to_port = 800 688 cidr_blocks = ["10.0.0.0/8"] 689 } 690 691 ingress { 692 protocol = "tcp" 693 from_port = 80 694 to_port = 8000 695 security_groups = ["${aws_security_group.worker.id}"] 696 } 697 698 egress { 699 protocol = "tcp" 700 from_port = 80 701 to_port = 8000 702 cidr_blocks = ["10.0.0.0/8"] 703 } 704 } 705 ` 706 707 const testAccAWSSecurityGroupConfigTags = ` 708 resource "aws_security_group" "foo" { 709 name = "terraform_acceptance_test_example" 710 description = "Used in the terraform acceptance tests" 711 712 ingress { 713 protocol = "tcp" 714 from_port = 80 715 to_port = 8000 716 cidr_blocks = ["10.0.0.0/8"] 717 } 718 719 egress { 720 protocol = "tcp" 721 from_port = 80 722 to_port = 8000 723 cidr_blocks = ["10.0.0.0/8"] 724 } 725 726 tags { 727 foo = "bar" 728 } 729 } 730 ` 731 732 const testAccAWSSecurityGroupConfigTagsUpdate = ` 733 resource "aws_security_group" "foo" { 734 name = "terraform_acceptance_test_example" 735 description = "Used in the terraform acceptance tests" 736 737 ingress { 738 protocol = "tcp" 739 from_port = 80 740 to_port = 8000 741 cidr_blocks = ["10.0.0.0/8"] 742 } 743 744 egress { 745 protocol = "tcp" 746 from_port = 80 747 to_port = 8000 748 cidr_blocks = ["10.0.0.0/8"] 749 } 750 751 tags { 752 bar = "baz" 753 } 754 } 755 ` 756 757 const testAccAWSSecurityGroupConfig_generatedName = ` 758 resource "aws_security_group" "web" { 759 ingress { 760 protocol = "tcp" 761 from_port = 80 762 to_port = 8000 763 cidr_blocks = ["10.0.0.0/8"] 764 } 765 766 egress { 767 protocol = "tcp" 768 from_port = 80 769 to_port = 8000 770 cidr_blocks = ["10.0.0.0/8"] 771 } 772 773 tags { 774 Name = "tf-acc-test" 775 } 776 } 777 ` 778 779 const testAccAWSSecurityGroupConfigDefaultEgress = ` 780 resource "aws_vpc" "tf_sg_egress_test" { 781 cidr_block = "10.0.0.0/16" 782 tags { 783 Name = "tf_sg_egress_test" 784 } 785 } 786 787 resource "aws_security_group" "worker" { 788 name = "terraform_acceptance_test_example_1" 789 description = "Used in the terraform acceptance tests" 790 vpc_id = "${aws_vpc.tf_sg_egress_test.id}" 791 792 egress { 793 protocol = "tcp" 794 from_port = 80 795 to_port = 8000 796 cidr_blocks = ["10.0.0.0/8"] 797 } 798 } 799 ` 800 801 const testAccAWSSecurityGroupConfigClassic = ` 802 provider "aws" { 803 region = "us-east-1" 804 } 805 806 resource "aws_security_group" "web" { 807 name = "terraform_acceptance_test_example_1" 808 description = "Used in the terraform acceptance tests" 809 } 810 `