github.com/sathiyas/terraform@v0.6.9-0.20151210233947-3330da00b997/builtin/providers/aws/resource_aws_security_group_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "reflect" 6 "strings" 7 "testing" 8 9 "github.com/aws/aws-sdk-go/aws" 10 "github.com/aws/aws-sdk-go/aws/awserr" 11 "github.com/aws/aws-sdk-go/service/ec2" 12 "github.com/hashicorp/terraform/helper/resource" 13 "github.com/hashicorp/terraform/terraform" 14 ) 15 16 func TestAccAWSSecurityGroup_basic(t *testing.T) { 17 var group ec2.SecurityGroup 18 19 resource.Test(t, resource.TestCase{ 20 PreCheck: func() { testAccPreCheck(t) }, 21 Providers: testAccProviders, 22 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 23 Steps: []resource.TestStep{ 24 resource.TestStep{ 25 Config: testAccAWSSecurityGroupConfig, 26 Check: resource.ComposeTestCheckFunc( 27 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 28 testAccCheckAWSSecurityGroupAttributes(&group), 29 resource.TestCheckResourceAttr( 30 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 31 resource.TestCheckResourceAttr( 32 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 33 resource.TestCheckResourceAttr( 34 "aws_security_group.web", "ingress.3629188364.protocol", "tcp"), 35 resource.TestCheckResourceAttr( 36 "aws_security_group.web", "ingress.3629188364.from_port", "80"), 37 resource.TestCheckResourceAttr( 38 "aws_security_group.web", "ingress.3629188364.to_port", "8000"), 39 resource.TestCheckResourceAttr( 40 "aws_security_group.web", "ingress.3629188364.cidr_blocks.#", "1"), 41 resource.TestCheckResourceAttr( 42 "aws_security_group.web", "ingress.3629188364.cidr_blocks.0", "10.0.0.0/8"), 43 ), 44 }, 45 }, 46 }) 47 } 48 49 func TestAccAWSSecurityGroup_namePrefix( t *testing.T) { 50 var group ec2.SecurityGroup 51 52 resource.Test(t, resource.TestCase{ 53 PreCheck: func() { testAccPreCheck(t) }, 54 Providers: testAccProviders, 55 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 56 Steps: []resource.TestStep{ 57 resource.TestStep{ 58 Config: testAccAWSSecurityGroupPrefixNameConfig, 59 Check: resource.ComposeTestCheckFunc( 60 testAccCheckAWSSecurityGroupExists("aws_security_group.baz", &group), 61 testAccCheckAWSSecurityGroupGeneratedNamePrefix( 62 "aws_security_group.baz", "baz-"), 63 ), 64 }, 65 }, 66 }) 67 } 68 69 func TestAccAWSSecurityGroup_self(t *testing.T) { 70 var group ec2.SecurityGroup 71 72 checkSelf := func(s *terraform.State) (err error) { 73 defer func() { 74 if e := recover(); e != nil { 75 err = fmt.Errorf("bad: %#v", group) 76 } 77 }() 78 79 if *group.IpPermissions[0].UserIdGroupPairs[0].GroupId != *group.GroupId { 80 return fmt.Errorf("bad: %#v", group) 81 } 82 83 return nil 84 } 85 86 resource.Test(t, resource.TestCase{ 87 PreCheck: func() { testAccPreCheck(t) }, 88 Providers: testAccProviders, 89 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 90 Steps: []resource.TestStep{ 91 resource.TestStep{ 92 Config: testAccAWSSecurityGroupConfigSelf, 93 Check: resource.ComposeTestCheckFunc( 94 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 95 resource.TestCheckResourceAttr( 96 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 97 resource.TestCheckResourceAttr( 98 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 99 resource.TestCheckResourceAttr( 100 "aws_security_group.web", "ingress.3971148406.protocol", "tcp"), 101 resource.TestCheckResourceAttr( 102 "aws_security_group.web", "ingress.3971148406.from_port", "80"), 103 resource.TestCheckResourceAttr( 104 "aws_security_group.web", "ingress.3971148406.to_port", "8000"), 105 resource.TestCheckResourceAttr( 106 "aws_security_group.web", "ingress.3971148406.self", "true"), 107 checkSelf, 108 ), 109 }, 110 }, 111 }) 112 } 113 114 func TestAccAWSSecurityGroup_vpc(t *testing.T) { 115 var group ec2.SecurityGroup 116 117 testCheck := func(*terraform.State) error { 118 if *group.VpcId == "" { 119 return fmt.Errorf("should have vpc ID") 120 } 121 122 return nil 123 } 124 125 resource.Test(t, resource.TestCase{ 126 PreCheck: func() { testAccPreCheck(t) }, 127 Providers: testAccProviders, 128 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 129 Steps: []resource.TestStep{ 130 resource.TestStep{ 131 Config: testAccAWSSecurityGroupConfigVpc, 132 Check: resource.ComposeTestCheckFunc( 133 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 134 testAccCheckAWSSecurityGroupAttributes(&group), 135 resource.TestCheckResourceAttr( 136 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 137 resource.TestCheckResourceAttr( 138 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 139 resource.TestCheckResourceAttr( 140 "aws_security_group.web", "ingress.3629188364.protocol", "tcp"), 141 resource.TestCheckResourceAttr( 142 "aws_security_group.web", "ingress.3629188364.from_port", "80"), 143 resource.TestCheckResourceAttr( 144 "aws_security_group.web", "ingress.3629188364.to_port", "8000"), 145 resource.TestCheckResourceAttr( 146 "aws_security_group.web", "ingress.3629188364.cidr_blocks.#", "1"), 147 resource.TestCheckResourceAttr( 148 "aws_security_group.web", "ingress.3629188364.cidr_blocks.0", "10.0.0.0/8"), 149 resource.TestCheckResourceAttr( 150 "aws_security_group.web", "egress.3629188364.protocol", "tcp"), 151 resource.TestCheckResourceAttr( 152 "aws_security_group.web", "egress.3629188364.from_port", "80"), 153 resource.TestCheckResourceAttr( 154 "aws_security_group.web", "egress.3629188364.to_port", "8000"), 155 resource.TestCheckResourceAttr( 156 "aws_security_group.web", "egress.3629188364.cidr_blocks.#", "1"), 157 resource.TestCheckResourceAttr( 158 "aws_security_group.web", "egress.3629188364.cidr_blocks.0", "10.0.0.0/8"), 159 testCheck, 160 ), 161 }, 162 }, 163 }) 164 } 165 166 func TestAccAWSSecurityGroup_vpcNegOneIngress(t *testing.T) { 167 var group ec2.SecurityGroup 168 169 testCheck := func(*terraform.State) error { 170 if *group.VpcId == "" { 171 return fmt.Errorf("should have vpc ID") 172 } 173 174 return nil 175 } 176 177 resource.Test(t, resource.TestCase{ 178 PreCheck: func() { testAccPreCheck(t) }, 179 Providers: testAccProviders, 180 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 181 Steps: []resource.TestStep{ 182 resource.TestStep{ 183 Config: testAccAWSSecurityGroupConfigVpcNegOneIngress, 184 Check: resource.ComposeTestCheckFunc( 185 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 186 testAccCheckAWSSecurityGroupAttributesNegOneProtocol(&group), 187 resource.TestCheckResourceAttr( 188 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 189 resource.TestCheckResourceAttr( 190 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 191 resource.TestCheckResourceAttr( 192 "aws_security_group.web", "ingress.956249133.protocol", "-1"), 193 resource.TestCheckResourceAttr( 194 "aws_security_group.web", "ingress.956249133.from_port", "0"), 195 resource.TestCheckResourceAttr( 196 "aws_security_group.web", "ingress.956249133.to_port", "0"), 197 resource.TestCheckResourceAttr( 198 "aws_security_group.web", "ingress.956249133.cidr_blocks.#", "1"), 199 resource.TestCheckResourceAttr( 200 "aws_security_group.web", "ingress.956249133.cidr_blocks.0", "10.0.0.0/8"), 201 testCheck, 202 ), 203 }, 204 }, 205 }) 206 } 207 func TestAccAWSSecurityGroup_MultiIngress(t *testing.T) { 208 var group ec2.SecurityGroup 209 210 resource.Test(t, resource.TestCase{ 211 PreCheck: func() { testAccPreCheck(t) }, 212 Providers: testAccProviders, 213 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 214 Steps: []resource.TestStep{ 215 resource.TestStep{ 216 Config: testAccAWSSecurityGroupConfigMultiIngress, 217 Check: resource.ComposeTestCheckFunc( 218 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 219 ), 220 }, 221 }, 222 }) 223 } 224 225 func TestAccAWSSecurityGroup_Change(t *testing.T) { 226 var group ec2.SecurityGroup 227 228 resource.Test(t, resource.TestCase{ 229 PreCheck: func() { testAccPreCheck(t) }, 230 Providers: testAccProviders, 231 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 232 Steps: []resource.TestStep{ 233 resource.TestStep{ 234 Config: testAccAWSSecurityGroupConfig, 235 Check: resource.ComposeTestCheckFunc( 236 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 237 ), 238 }, 239 resource.TestStep{ 240 Config: testAccAWSSecurityGroupConfigChange, 241 Check: resource.ComposeTestCheckFunc( 242 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 243 testAccCheckAWSSecurityGroupAttributesChanged(&group), 244 ), 245 }, 246 }, 247 }) 248 } 249 250 func TestAccAWSSecurityGroup_generatedName(t *testing.T) { 251 var group ec2.SecurityGroup 252 253 resource.Test(t, resource.TestCase{ 254 PreCheck: func() { testAccPreCheck(t) }, 255 Providers: testAccProviders, 256 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 257 Steps: []resource.TestStep{ 258 resource.TestStep{ 259 Config: testAccAWSSecurityGroupConfig_generatedName, 260 Check: resource.ComposeTestCheckFunc( 261 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 262 resource.TestCheckResourceAttr( 263 "aws_security_group.web", "description", "Managed by Terraform"), 264 func(s *terraform.State) error { 265 if group.GroupName == nil { 266 return fmt.Errorf("bad: No SG name") 267 } 268 if !strings.HasPrefix(*group.GroupName, "terraform-") { 269 return fmt.Errorf("No terraform- prefix: %s", *group.GroupName) 270 } 271 return nil 272 }, 273 ), 274 }, 275 }, 276 }) 277 } 278 279 func TestAccAWSSecurityGroup_DefaultEgress(t *testing.T) { 280 281 // VPC 282 resource.Test(t, resource.TestCase{ 283 PreCheck: func() { testAccPreCheck(t) }, 284 Providers: testAccProviders, 285 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 286 Steps: []resource.TestStep{ 287 resource.TestStep{ 288 Config: testAccAWSSecurityGroupConfigDefaultEgress, 289 Check: resource.ComposeTestCheckFunc( 290 testAccCheckAWSSecurityGroupExistsWithoutDefault("aws_security_group.worker"), 291 ), 292 }, 293 }, 294 }) 295 296 // Classic 297 var group ec2.SecurityGroup 298 resource.Test(t, resource.TestCase{ 299 PreCheck: func() { testAccPreCheck(t) }, 300 Providers: testAccProviders, 301 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 302 Steps: []resource.TestStep{ 303 resource.TestStep{ 304 Config: testAccAWSSecurityGroupConfigClassic, 305 Check: resource.ComposeTestCheckFunc( 306 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 307 ), 308 }, 309 }, 310 }) 311 } 312 313 func testAccCheckAWSSecurityGroupDestroy(s *terraform.State) error { 314 conn := testAccProvider.Meta().(*AWSClient).ec2conn 315 316 for _, rs := range s.RootModule().Resources { 317 if rs.Type != "aws_security_group" { 318 continue 319 } 320 321 // Retrieve our group 322 req := &ec2.DescribeSecurityGroupsInput{ 323 GroupIds: []*string{aws.String(rs.Primary.ID)}, 324 } 325 resp, err := conn.DescribeSecurityGroups(req) 326 if err == nil { 327 if len(resp.SecurityGroups) > 0 && *resp.SecurityGroups[0].GroupId == rs.Primary.ID { 328 return fmt.Errorf("Security Group (%s) still exists.", rs.Primary.ID) 329 } 330 331 return nil 332 } 333 334 ec2err, ok := err.(awserr.Error) 335 if !ok { 336 return err 337 } 338 // Confirm error code is what we want 339 if ec2err.Code() != "InvalidGroup.NotFound" { 340 return err 341 } 342 } 343 344 return nil 345 } 346 347 func testAccCheckAWSSecurityGroupGeneratedNamePrefix( 348 resource, prefix string) resource.TestCheckFunc { 349 return func(s *terraform.State) error { 350 r, ok := s.RootModule().Resources[resource] 351 if !ok { 352 return fmt.Errorf("Resource not found") 353 } 354 name, ok := r.Primary.Attributes["name"] 355 if !ok { 356 return fmt.Errorf("Name attr not found: %#v", r.Primary.Attributes) 357 } 358 if !strings.HasPrefix(name, prefix) { 359 return fmt.Errorf("Name: %q, does not have prefix: %q", name, prefix) 360 } 361 return nil 362 } 363 } 364 365 func testAccCheckAWSSecurityGroupExists(n string, group *ec2.SecurityGroup) resource.TestCheckFunc { 366 return func(s *terraform.State) error { 367 rs, ok := s.RootModule().Resources[n] 368 if !ok { 369 return fmt.Errorf("Not found: %s", n) 370 } 371 372 if rs.Primary.ID == "" { 373 return fmt.Errorf("No Security Group is set") 374 } 375 376 conn := testAccProvider.Meta().(*AWSClient).ec2conn 377 req := &ec2.DescribeSecurityGroupsInput{ 378 GroupIds: []*string{aws.String(rs.Primary.ID)}, 379 } 380 resp, err := conn.DescribeSecurityGroups(req) 381 if err != nil { 382 return err 383 } 384 385 if len(resp.SecurityGroups) > 0 && *resp.SecurityGroups[0].GroupId == rs.Primary.ID { 386 *group = *resp.SecurityGroups[0] 387 return nil 388 } 389 390 return fmt.Errorf("Security Group not found") 391 } 392 } 393 394 func testAccCheckAWSSecurityGroupAttributes(group *ec2.SecurityGroup) resource.TestCheckFunc { 395 return func(s *terraform.State) error { 396 p := &ec2.IpPermission{ 397 FromPort: aws.Int64(80), 398 ToPort: aws.Int64(8000), 399 IpProtocol: aws.String("tcp"), 400 IpRanges: []*ec2.IpRange{&ec2.IpRange{CidrIp: aws.String("10.0.0.0/8")}}, 401 } 402 403 if *group.GroupName != "terraform_acceptance_test_example" { 404 return fmt.Errorf("Bad name: %s", *group.GroupName) 405 } 406 407 if *group.Description != "Used in the terraform acceptance tests" { 408 return fmt.Errorf("Bad description: %s", *group.Description) 409 } 410 411 if len(group.IpPermissions) == 0 { 412 return fmt.Errorf("No IPPerms") 413 } 414 415 // Compare our ingress 416 if !reflect.DeepEqual(group.IpPermissions[0], p) { 417 return fmt.Errorf( 418 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 419 group.IpPermissions[0], 420 p) 421 } 422 423 return nil 424 } 425 } 426 427 func testAccCheckAWSSecurityGroupAttributesNegOneProtocol(group *ec2.SecurityGroup) resource.TestCheckFunc { 428 return func(s *terraform.State) error { 429 p := &ec2.IpPermission{ 430 IpProtocol: aws.String("-1"), 431 IpRanges: []*ec2.IpRange{&ec2.IpRange{CidrIp: aws.String("10.0.0.0/8")}}, 432 } 433 434 if *group.GroupName != "terraform_acceptance_test_example" { 435 return fmt.Errorf("Bad name: %s", *group.GroupName) 436 } 437 438 if *group.Description != "Used in the terraform acceptance tests" { 439 return fmt.Errorf("Bad description: %s", *group.Description) 440 } 441 442 if len(group.IpPermissions) == 0 { 443 return fmt.Errorf("No IPPerms") 444 } 445 446 // Compare our ingress 447 if !reflect.DeepEqual(group.IpPermissions[0], p) { 448 return fmt.Errorf( 449 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 450 group.IpPermissions[0], 451 p) 452 } 453 454 return nil 455 } 456 } 457 458 func TestAccAWSSecurityGroup_tags(t *testing.T) { 459 var group ec2.SecurityGroup 460 461 resource.Test(t, resource.TestCase{ 462 PreCheck: func() { testAccPreCheck(t) }, 463 Providers: testAccProviders, 464 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 465 Steps: []resource.TestStep{ 466 resource.TestStep{ 467 Config: testAccAWSSecurityGroupConfigTags, 468 Check: resource.ComposeTestCheckFunc( 469 testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group), 470 testAccCheckTags(&group.Tags, "foo", "bar"), 471 ), 472 }, 473 474 resource.TestStep{ 475 Config: testAccAWSSecurityGroupConfigTagsUpdate, 476 Check: resource.ComposeTestCheckFunc( 477 testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group), 478 testAccCheckTags(&group.Tags, "foo", ""), 479 testAccCheckTags(&group.Tags, "bar", "baz"), 480 ), 481 }, 482 }, 483 }) 484 } 485 486 func testAccCheckAWSSecurityGroupAttributesChanged(group *ec2.SecurityGroup) resource.TestCheckFunc { 487 return func(s *terraform.State) error { 488 p := []*ec2.IpPermission{ 489 &ec2.IpPermission{ 490 FromPort: aws.Int64(80), 491 ToPort: aws.Int64(9000), 492 IpProtocol: aws.String("tcp"), 493 IpRanges: []*ec2.IpRange{&ec2.IpRange{CidrIp: aws.String("10.0.0.0/8")}}, 494 }, 495 &ec2.IpPermission{ 496 FromPort: aws.Int64(80), 497 ToPort: aws.Int64(8000), 498 IpProtocol: aws.String("tcp"), 499 IpRanges: []*ec2.IpRange{ 500 &ec2.IpRange{ 501 CidrIp: aws.String("0.0.0.0/0"), 502 }, 503 &ec2.IpRange{ 504 CidrIp: aws.String("10.0.0.0/8"), 505 }, 506 }, 507 }, 508 } 509 510 if *group.GroupName != "terraform_acceptance_test_example" { 511 return fmt.Errorf("Bad name: %s", *group.GroupName) 512 } 513 514 if *group.Description != "Used in the terraform acceptance tests" { 515 return fmt.Errorf("Bad description: %s", *group.Description) 516 } 517 518 // Compare our ingress 519 if len(group.IpPermissions) != 2 { 520 return fmt.Errorf( 521 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 522 group.IpPermissions, 523 p) 524 } 525 526 if *group.IpPermissions[0].ToPort == 8000 { 527 group.IpPermissions[1], group.IpPermissions[0] = 528 group.IpPermissions[0], group.IpPermissions[1] 529 } 530 531 if !reflect.DeepEqual(group.IpPermissions, p) { 532 return fmt.Errorf( 533 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 534 group.IpPermissions, 535 p) 536 } 537 538 return nil 539 } 540 } 541 542 func testAccCheckAWSSecurityGroupExistsWithoutDefault(n string) resource.TestCheckFunc { 543 return func(s *terraform.State) error { 544 rs, ok := s.RootModule().Resources[n] 545 if !ok { 546 return fmt.Errorf("Not found: %s", n) 547 } 548 549 if rs.Primary.ID == "" { 550 return fmt.Errorf("No Security Group is set") 551 } 552 553 conn := testAccProvider.Meta().(*AWSClient).ec2conn 554 req := &ec2.DescribeSecurityGroupsInput{ 555 GroupIds: []*string{aws.String(rs.Primary.ID)}, 556 } 557 resp, err := conn.DescribeSecurityGroups(req) 558 if err != nil { 559 return err 560 } 561 562 if len(resp.SecurityGroups) > 0 && *resp.SecurityGroups[0].GroupId == rs.Primary.ID { 563 group := *resp.SecurityGroups[0] 564 565 if len(group.IpPermissionsEgress) != 1 { 566 return fmt.Errorf("Security Group should have only 1 egress rule, got %d", len(group.IpPermissionsEgress)) 567 } 568 } 569 570 return nil 571 } 572 } 573 574 const testAccAWSSecurityGroupConfig = ` 575 resource "aws_security_group" "web" { 576 name = "terraform_acceptance_test_example" 577 description = "Used in the terraform acceptance tests" 578 579 ingress { 580 protocol = "tcp" 581 from_port = 80 582 to_port = 8000 583 cidr_blocks = ["10.0.0.0/8"] 584 } 585 586 egress { 587 protocol = "tcp" 588 from_port = 80 589 to_port = 8000 590 cidr_blocks = ["10.0.0.0/8"] 591 } 592 593 tags { 594 Name = "tf-acc-test" 595 } 596 } 597 ` 598 599 const testAccAWSSecurityGroupConfigChange = ` 600 resource "aws_security_group" "web" { 601 name = "terraform_acceptance_test_example" 602 description = "Used in the terraform acceptance tests" 603 604 ingress { 605 protocol = "tcp" 606 from_port = 80 607 to_port = 9000 608 cidr_blocks = ["10.0.0.0/8"] 609 } 610 611 ingress { 612 protocol = "tcp" 613 from_port = 80 614 to_port = 8000 615 cidr_blocks = ["0.0.0.0/0", "10.0.0.0/8"] 616 } 617 618 egress { 619 protocol = "tcp" 620 from_port = 80 621 to_port = 8000 622 cidr_blocks = ["10.0.0.0/8"] 623 } 624 } 625 ` 626 627 const testAccAWSSecurityGroupConfigSelf = ` 628 resource "aws_security_group" "web" { 629 name = "terraform_acceptance_test_example" 630 description = "Used in the terraform acceptance tests" 631 632 ingress { 633 protocol = "tcp" 634 from_port = 80 635 to_port = 8000 636 self = true 637 } 638 639 egress { 640 protocol = "tcp" 641 from_port = 80 642 to_port = 8000 643 cidr_blocks = ["10.0.0.0/8"] 644 } 645 } 646 ` 647 648 const testAccAWSSecurityGroupConfigVpc = ` 649 resource "aws_vpc" "foo" { 650 cidr_block = "10.1.0.0/16" 651 } 652 653 resource "aws_security_group" "web" { 654 name = "terraform_acceptance_test_example" 655 description = "Used in the terraform acceptance tests" 656 vpc_id = "${aws_vpc.foo.id}" 657 658 ingress { 659 protocol = "tcp" 660 from_port = 80 661 to_port = 8000 662 cidr_blocks = ["10.0.0.0/8"] 663 } 664 665 egress { 666 protocol = "tcp" 667 from_port = 80 668 to_port = 8000 669 cidr_blocks = ["10.0.0.0/8"] 670 } 671 } 672 ` 673 674 const testAccAWSSecurityGroupConfigVpcNegOneIngress = ` 675 resource "aws_vpc" "foo" { 676 cidr_block = "10.1.0.0/16" 677 } 678 679 resource "aws_security_group" "web" { 680 name = "terraform_acceptance_test_example" 681 description = "Used in the terraform acceptance tests" 682 vpc_id = "${aws_vpc.foo.id}" 683 684 ingress { 685 protocol = "-1" 686 from_port = 0 687 to_port = 0 688 cidr_blocks = ["10.0.0.0/8"] 689 } 690 } 691 ` 692 const testAccAWSSecurityGroupConfigMultiIngress = ` 693 resource "aws_security_group" "worker" { 694 name = "terraform_acceptance_test_example_1" 695 description = "Used in the terraform acceptance tests" 696 697 ingress { 698 protocol = "tcp" 699 from_port = 80 700 to_port = 8000 701 cidr_blocks = ["10.0.0.0/8"] 702 } 703 704 egress { 705 protocol = "tcp" 706 from_port = 80 707 to_port = 8000 708 cidr_blocks = ["10.0.0.0/8"] 709 } 710 } 711 712 resource "aws_security_group" "web" { 713 name = "terraform_acceptance_test_example_2" 714 description = "Used in the terraform acceptance tests" 715 716 ingress { 717 protocol = "tcp" 718 from_port = 22 719 to_port = 22 720 cidr_blocks = ["10.0.0.0/8"] 721 } 722 723 ingress { 724 protocol = "tcp" 725 from_port = 800 726 to_port = 800 727 cidr_blocks = ["10.0.0.0/8"] 728 } 729 730 ingress { 731 protocol = "tcp" 732 from_port = 80 733 to_port = 8000 734 security_groups = ["${aws_security_group.worker.id}"] 735 } 736 737 egress { 738 protocol = "tcp" 739 from_port = 80 740 to_port = 8000 741 cidr_blocks = ["10.0.0.0/8"] 742 } 743 } 744 ` 745 746 const testAccAWSSecurityGroupConfigTags = ` 747 resource "aws_security_group" "foo" { 748 name = "terraform_acceptance_test_example" 749 description = "Used in the terraform acceptance tests" 750 751 ingress { 752 protocol = "tcp" 753 from_port = 80 754 to_port = 8000 755 cidr_blocks = ["10.0.0.0/8"] 756 } 757 758 egress { 759 protocol = "tcp" 760 from_port = 80 761 to_port = 8000 762 cidr_blocks = ["10.0.0.0/8"] 763 } 764 765 tags { 766 foo = "bar" 767 } 768 } 769 ` 770 771 const testAccAWSSecurityGroupConfigTagsUpdate = ` 772 resource "aws_security_group" "foo" { 773 name = "terraform_acceptance_test_example" 774 description = "Used in the terraform acceptance tests" 775 776 ingress { 777 protocol = "tcp" 778 from_port = 80 779 to_port = 8000 780 cidr_blocks = ["10.0.0.0/8"] 781 } 782 783 egress { 784 protocol = "tcp" 785 from_port = 80 786 to_port = 8000 787 cidr_blocks = ["10.0.0.0/8"] 788 } 789 790 tags { 791 bar = "baz" 792 } 793 } 794 ` 795 796 const testAccAWSSecurityGroupConfig_generatedName = ` 797 resource "aws_security_group" "web" { 798 ingress { 799 protocol = "tcp" 800 from_port = 80 801 to_port = 8000 802 cidr_blocks = ["10.0.0.0/8"] 803 } 804 805 egress { 806 protocol = "tcp" 807 from_port = 80 808 to_port = 8000 809 cidr_blocks = ["10.0.0.0/8"] 810 } 811 812 tags { 813 Name = "tf-acc-test" 814 } 815 } 816 ` 817 818 const testAccAWSSecurityGroupConfigDefaultEgress = ` 819 resource "aws_vpc" "tf_sg_egress_test" { 820 cidr_block = "10.0.0.0/16" 821 tags { 822 Name = "tf_sg_egress_test" 823 } 824 } 825 826 resource "aws_security_group" "worker" { 827 name = "terraform_acceptance_test_example_1" 828 description = "Used in the terraform acceptance tests" 829 vpc_id = "${aws_vpc.tf_sg_egress_test.id}" 830 831 egress { 832 protocol = "tcp" 833 from_port = 80 834 to_port = 8000 835 cidr_blocks = ["10.0.0.0/8"] 836 } 837 } 838 ` 839 840 const testAccAWSSecurityGroupConfigClassic = ` 841 provider "aws" { 842 region = "us-east-1" 843 } 844 845 resource "aws_security_group" "web" { 846 name = "terraform_acceptance_test_example_1" 847 description = "Used in the terraform acceptance tests" 848 } 849 ` 850 851 const testAccAWSSecurityGroupPrefixNameConfig = ` 852 provider "aws" { 853 region = "us-east-1" 854 } 855 856 resource "aws_security_group" "baz" { 857 name_prefix = "baz-" 858 description = "Used in the terraform acceptance tests" 859 } 860 `