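// Source: github.com/richardbowden/terraform@v0.6.12-0.20160901200758-30ea22c25211/builtin/providers/aws/import_aws_security_group.go

package aws

import (
	"fmt"

	"github.com/aws/aws-sdk-go/service/ec2"
	"github.com/hashicorp/terraform/helper/schema"
)

// resourceAwsSecurityGroupImportState imports a security group and fans the
// import out to multiple resources: the group itself plus one
// aws_security_group_rule per IP permission. Instead of creating one resource
// with nested rules, we use the best practices approach of one resource per
// rule.
//
// The first element of the returned slice is always d (the group); the rule
// resources follow, ingress rules first and egress rules second, so the
// result order is stable between runs.
//
// An error is returned when the lookup fails, when no group is found, or
// when the lookup yields something other than a *ec2.SecurityGroup.
func resourceAwsSecurityGroupImportState(
	d *schema.ResourceData,
	meta interface{}) ([]*schema.ResourceData, error) {
	conn := meta.(*AWSClient).ec2conn
	sgID := d.Id()

	// First query the security group.
	sgRaw, _, err := SGStateRefreshFunc(conn, sgID)()
	if err != nil {
		return nil, err
	}
	if sgRaw == nil {
		return nil, fmt.Errorf("security group not found")
	}
	// Checked assertion: an unexpected value from the refresh function is
	// reported as an error instead of panicking in the middle of an import.
	sg, ok := sgRaw.(*ec2.SecurityGroup)
	if !ok {
		return nil, fmt.Errorf("unexpected security group type %T", sgRaw)
	}
	if sg == nil {
		return nil, fmt.Errorf("security group not found")
	}

	// VPC groups identify a self reference by group id, other groups by
	// group name. The answer is the same for every rule, so compute it once.
	isVPC := sg.VpcId != nil && *sg.VpcId != ""

	// isSelf reports whether pair refers back to the group being imported.
	// Every pointer is checked before it is dereferenced, because the API
	// structs use optional (pointer) fields.
	isSelf := func(pair *ec2.UserIdGroupPair) bool {
		if pair == nil {
			return false
		}
		if isVPC {
			return pair.GroupId != nil && sg.GroupId != nil &&
				*pair.GroupId == *sg.GroupId
		}
		return pair.GroupName != nil && sg.GroupName != nil &&
			*pair.GroupName == *sg.GroupName
	}

	// Start building our results; the group itself always comes first.
	results := make([]*schema.ResourceData, 1,
		1+len(sg.IpPermissions)+len(sg.IpPermissionsEgress))
	results[0] = d

	// Construct the rules. A slice (rather than a map) keeps the iteration
	// order fixed.
	ruleResource := resourceAwsSecurityGroupRule()
	directions := []struct {
		ruleType string
		perms    []*ec2.IpPermission
	}{
		{"ingress", sg.IpPermissions},
		{"egress", sg.IpPermissionsEgress},
	}
	for _, dir := range directions {
		for _, perm := range dir.perms {
			if perm == nil {
				continue
			}

			// Construct the rule. We do this by populating the absolute
			// minimum necessary for Refresh on the rule to work. This
			// happens to be a lot of fields since they're almost all needed
			// for de-duping.
			//
			// The id is hashed before any self reference is pruned below.
			// The d.Set return values are not checked here.
			// NOTE(review): confirm these keys against the rule schema.
			id := ipPermissionIDHash(sgID, dir.ruleType, perm)
			rule := ruleResource.Data(nil)
			rule.SetId(id)
			rule.SetType("aws_security_group_rule")
			rule.Set("security_group_id", sgID)
			rule.Set("type", dir.ruleType)

			// 'self' is false by default. Range over all group pairs (not
			// only the first one) and set it to true if the parent group is
			// found. A self reference is pruned from the pairs so the same
			// group does not end up both as 'self' and in
			// source_security_group_id.
			self := false
			others := make([]*ec2.UserIdGroupPair, 0, len(perm.UserIdGroupPairs))
			for _, pair := range perm.UserIdGroupPairs {
				if isSelf(pair) {
					self = true
					continue
				}
				others = append(others, pair)
			}
			rule.Set("self", self)
			if self {
				perm.UserIdGroupPairs = others
			}

			// XXX If the rule contained more than one source security group,
			// this will choose one of them. We actually need to create one
			// rule for each source security group.
			//
			// Until that is done, the imported state can list fewer source
			// groups than the live rule actually allows. Compare imported
			// rules with the group's real permissions before treating the
			// state as a complete description of who can reach this group.
			setFromIPPerm(rule, sg, perm)
			results = append(results, rule)
		}
	}

	return results, nil
}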