github.com/turtlemonvh/terraform@v0.6.9-0.20151204001754-8e40b6b855e8/builtin/providers/aws/resource_aws_security_group_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "reflect" 6 "strings" 7 "testing" 8 9 "github.com/aws/aws-sdk-go/aws" 10 "github.com/aws/aws-sdk-go/aws/awserr" 11 "github.com/aws/aws-sdk-go/service/ec2" 12 "github.com/hashicorp/terraform/helper/resource" 13 "github.com/hashicorp/terraform/terraform" 14 ) 15 16 func TestAccAWSSecurityGroup_basic(t *testing.T) { 17 var group ec2.SecurityGroup 18 19 resource.Test(t, resource.TestCase{ 20 PreCheck: func() { testAccPreCheck(t) }, 21 Providers: testAccProviders, 22 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 23 Steps: []resource.TestStep{ 24 resource.TestStep{ 25 Config: testAccAWSSecurityGroupConfig, 26 Check: resource.ComposeTestCheckFunc( 27 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 28 testAccCheckAWSSecurityGroupAttributes(&group), 29 resource.TestCheckResourceAttr( 30 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 31 resource.TestCheckResourceAttr( 32 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 33 resource.TestCheckResourceAttr( 34 "aws_security_group.web", "ingress.3629188364.protocol", "tcp"), 35 resource.TestCheckResourceAttr( 36 "aws_security_group.web", "ingress.3629188364.from_port", "80"), 37 resource.TestCheckResourceAttr( 38 "aws_security_group.web", "ingress.3629188364.to_port", "8000"), 39 resource.TestCheckResourceAttr( 40 "aws_security_group.web", "ingress.3629188364.cidr_blocks.#", "1"), 41 resource.TestCheckResourceAttr( 42 "aws_security_group.web", "ingress.3629188364.cidr_blocks.0", "10.0.0.0/8"), 43 ), 44 }, 45 }, 46 }) 47 } 48 49 func TestAccAWSSecurityGroup_self(t *testing.T) { 50 var group ec2.SecurityGroup 51 52 checkSelf := func(s *terraform.State) (err error) { 53 defer func() { 54 if e := recover(); e != nil { 55 err = fmt.Errorf("bad: %#v", group) 56 } 57 }() 58 59 if *group.IpPermissions[0].UserIdGroupPairs[0].GroupId != *group.GroupId { 60 return fmt.Errorf("bad: %#v", group) 61 } 62 63 return nil 64 } 65 66 resource.Test(t, resource.TestCase{ 67 PreCheck: func() { testAccPreCheck(t) }, 68 Providers: testAccProviders, 69 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 70 Steps: []resource.TestStep{ 71 resource.TestStep{ 72 Config: testAccAWSSecurityGroupConfigSelf, 73 Check: resource.ComposeTestCheckFunc( 74 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 75 resource.TestCheckResourceAttr( 76 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 77 resource.TestCheckResourceAttr( 78 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 79 resource.TestCheckResourceAttr( 80 "aws_security_group.web", "ingress.3971148406.protocol", "tcp"), 81 resource.TestCheckResourceAttr( 82 "aws_security_group.web", "ingress.3971148406.from_port", "80"), 83 resource.TestCheckResourceAttr( 84 "aws_security_group.web", "ingress.3971148406.to_port", "8000"), 85 resource.TestCheckResourceAttr( 86 "aws_security_group.web", "ingress.3971148406.self", "true"), 87 checkSelf, 88 ), 89 }, 90 }, 91 }) 92 } 93 94 func TestAccAWSSecurityGroup_vpc(t *testing.T) { 95 var group ec2.SecurityGroup 96 97 testCheck := func(*terraform.State) error { 98 if *group.VpcId == "" { 99 return fmt.Errorf("should have vpc ID") 100 } 101 102 return nil 103 } 104 105 resource.Test(t, resource.TestCase{ 106 PreCheck: func() { testAccPreCheck(t) }, 107 Providers: testAccProviders, 108 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 109 Steps: []resource.TestStep{ 110 resource.TestStep{ 111 Config: testAccAWSSecurityGroupConfigVpc, 112 Check: resource.ComposeTestCheckFunc( 113 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 114 testAccCheckAWSSecurityGroupAttributes(&group), 115 resource.TestCheckResourceAttr( 116 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 117 resource.TestCheckResourceAttr( 118 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 119 resource.TestCheckResourceAttr( 120 "aws_security_group.web", "ingress.3629188364.protocol", "tcp"), 121 resource.TestCheckResourceAttr( 122 "aws_security_group.web", "ingress.3629188364.from_port", "80"), 123 resource.TestCheckResourceAttr( 124 "aws_security_group.web", "ingress.3629188364.to_port", "8000"), 125 resource.TestCheckResourceAttr( 126 "aws_security_group.web", "ingress.3629188364.cidr_blocks.#", "1"), 127 resource.TestCheckResourceAttr( 128 "aws_security_group.web", "ingress.3629188364.cidr_blocks.0", "10.0.0.0/8"), 129 resource.TestCheckResourceAttr( 130 "aws_security_group.web", "egress.3629188364.protocol", "tcp"), 131 resource.TestCheckResourceAttr( 132 "aws_security_group.web", "egress.3629188364.from_port", "80"), 133 resource.TestCheckResourceAttr( 134 "aws_security_group.web", "egress.3629188364.to_port", "8000"), 135 resource.TestCheckResourceAttr( 136 "aws_security_group.web", "egress.3629188364.cidr_blocks.#", "1"), 137 resource.TestCheckResourceAttr( 138 "aws_security_group.web", "egress.3629188364.cidr_blocks.0", "10.0.0.0/8"), 139 testCheck, 140 ), 141 }, 142 }, 143 }) 144 } 145 146 func TestAccAWSSecurityGroup_vpcNegOneIngress(t *testing.T) { 147 var group ec2.SecurityGroup 148 149 testCheck := func(*terraform.State) error { 150 if *group.VpcId == "" { 151 return fmt.Errorf("should have vpc ID") 152 } 153 154 return nil 155 } 156 157 resource.Test(t, resource.TestCase{ 158 PreCheck: func() { testAccPreCheck(t) }, 159 Providers: testAccProviders, 160 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 161 Steps: []resource.TestStep{ 162 resource.TestStep{ 163 Config: testAccAWSSecurityGroupConfigVpcNegOneIngress, 164 Check: resource.ComposeTestCheckFunc( 165 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 166 testAccCheckAWSSecurityGroupAttributesNegOneProtocol(&group), 167 resource.TestCheckResourceAttr( 168 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 169 resource.TestCheckResourceAttr( 170 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 171 resource.TestCheckResourceAttr( 172 "aws_security_group.web", "ingress.956249133.protocol", "-1"), 173 resource.TestCheckResourceAttr( 174 "aws_security_group.web", "ingress.956249133.from_port", "0"), 175 resource.TestCheckResourceAttr( 176 "aws_security_group.web", "ingress.956249133.to_port", "0"), 177 resource.TestCheckResourceAttr( 178 "aws_security_group.web", "ingress.956249133.cidr_blocks.#", "1"), 179 resource.TestCheckResourceAttr( 180 "aws_security_group.web", "ingress.956249133.cidr_blocks.0", "10.0.0.0/8"), 181 testCheck, 182 ), 183 }, 184 }, 185 }) 186 } 187 func TestAccAWSSecurityGroup_MultiIngress(t *testing.T) { 188 var group ec2.SecurityGroup 189 190 resource.Test(t, resource.TestCase{ 191 PreCheck: func() { testAccPreCheck(t) }, 192 Providers: testAccProviders, 193 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 194 Steps: []resource.TestStep{ 195 resource.TestStep{ 196 Config: testAccAWSSecurityGroupConfigMultiIngress, 197 Check: resource.ComposeTestCheckFunc( 198 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 199 ), 200 }, 201 }, 202 }) 203 } 204 205 func TestAccAWSSecurityGroup_Change(t *testing.T) { 206 var group ec2.SecurityGroup 207 208 resource.Test(t, resource.TestCase{ 209 PreCheck: func() { testAccPreCheck(t) }, 210 Providers: testAccProviders, 211 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 212 Steps: []resource.TestStep{ 213 resource.TestStep{ 214 Config: testAccAWSSecurityGroupConfig, 215 Check: resource.ComposeTestCheckFunc( 216 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 217 ), 218 }, 219 resource.TestStep{ 220 Config: testAccAWSSecurityGroupConfigChange, 221 Check: resource.ComposeTestCheckFunc( 222 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 223 testAccCheckAWSSecurityGroupAttributesChanged(&group), 224 ), 225 }, 226 }, 227 }) 228 } 229 230 func TestAccAWSSecurityGroup_generatedName(t *testing.T) { 231 var group ec2.SecurityGroup 232 233 resource.Test(t, resource.TestCase{ 234 PreCheck: func() { testAccPreCheck(t) }, 235 Providers: testAccProviders, 236 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 237 Steps: []resource.TestStep{ 238 resource.TestStep{ 239 Config: testAccAWSSecurityGroupConfig_generatedName, 240 Check: resource.ComposeTestCheckFunc( 241 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 242 resource.TestCheckResourceAttr( 243 "aws_security_group.web", "description", "Managed by Terraform"), 244 func(s *terraform.State) error { 245 if group.GroupName == nil { 246 return fmt.Errorf("bad: No SG name") 247 } 248 if !strings.HasPrefix(*group.GroupName, "terraform-") { 249 return fmt.Errorf("No terraform- prefix: %s", *group.GroupName) 250 } 251 return nil 252 }, 253 ), 254 }, 255 }, 256 }) 257 } 258 259 func TestAccAWSSecurityGroup_DefaultEgress(t *testing.T) { 260 261 // VPC 262 resource.Test(t, resource.TestCase{ 263 PreCheck: func() { testAccPreCheck(t) }, 264 Providers: testAccProviders, 265 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 266 Steps: []resource.TestStep{ 267 resource.TestStep{ 268 Config: testAccAWSSecurityGroupConfigDefaultEgress, 269 Check: resource.ComposeTestCheckFunc( 270 testAccCheckAWSSecurityGroupExistsWithoutDefault("aws_security_group.worker"), 271 ), 272 }, 273 }, 274 }) 275 276 // Classic 277 var group ec2.SecurityGroup 278 resource.Test(t, resource.TestCase{ 279 PreCheck: func() { testAccPreCheck(t) }, 280 Providers: testAccProviders, 281 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 282 Steps: []resource.TestStep{ 283 resource.TestStep{ 284 Config: testAccAWSSecurityGroupConfigClassic, 285 Check: resource.ComposeTestCheckFunc( 286 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 287 ), 288 }, 289 }, 290 }) 291 } 292 293 func testAccCheckAWSSecurityGroupDestroy(s *terraform.State) error { 294 conn := testAccProvider.Meta().(*AWSClient).ec2conn 295 296 for _, rs := range s.RootModule().Resources { 297 if rs.Type != "aws_security_group" { 298 continue 299 } 300 301 // Retrieve our group 302 req := &ec2.DescribeSecurityGroupsInput{ 303 GroupIds: []*string{aws.String(rs.Primary.ID)}, 304 } 305 resp, err := conn.DescribeSecurityGroups(req) 306 if err == nil { 307 if len(resp.SecurityGroups) > 0 && *resp.SecurityGroups[0].GroupId == rs.Primary.ID { 308 return fmt.Errorf("Security Group (%s) still exists.", rs.Primary.ID) 309 } 310 311 return nil 312 } 313 314 ec2err, ok := err.(awserr.Error) 315 if !ok { 316 return err 317 } 318 // Confirm error code is what we want 319 if ec2err.Code() != "InvalidGroup.NotFound" { 320 return err 321 } 322 } 323 324 return nil 325 } 326 327 func testAccCheckAWSSecurityGroupExists(n string, group *ec2.SecurityGroup) resource.TestCheckFunc { 328 return func(s *terraform.State) error { 329 rs, ok := s.RootModule().Resources[n] 330 if !ok { 331 return fmt.Errorf("Not found: %s", n) 332 } 333 334 if rs.Primary.ID == "" { 335 return fmt.Errorf("No Security Group is set") 336 } 337 338 conn := testAccProvider.Meta().(*AWSClient).ec2conn 339 req := &ec2.DescribeSecurityGroupsInput{ 340 GroupIds: []*string{aws.String(rs.Primary.ID)}, 341 } 342 resp, err := conn.DescribeSecurityGroups(req) 343 if err != nil { 344 return err 345 } 346 347 if len(resp.SecurityGroups) > 0 && *resp.SecurityGroups[0].GroupId == rs.Primary.ID { 348 *group = *resp.SecurityGroups[0] 349 return nil 350 } 351 352 return fmt.Errorf("Security Group not found") 353 } 354 } 355 356 func testAccCheckAWSSecurityGroupAttributes(group *ec2.SecurityGroup) resource.TestCheckFunc { 357 return func(s *terraform.State) error { 358 p := &ec2.IpPermission{ 359 FromPort: aws.Int64(80), 360 ToPort: aws.Int64(8000), 361 IpProtocol: aws.String("tcp"), 362 IpRanges: []*ec2.IpRange{&ec2.IpRange{CidrIp: aws.String("10.0.0.0/8")}}, 363 } 364 365 if *group.GroupName != "terraform_acceptance_test_example" { 366 return fmt.Errorf("Bad name: %s", *group.GroupName) 367 } 368 369 if *group.Description != "Used in the terraform acceptance tests" { 370 return fmt.Errorf("Bad description: %s", *group.Description) 371 } 372 373 if len(group.IpPermissions) == 0 { 374 return fmt.Errorf("No IPPerms") 375 } 376 377 // Compare our ingress 378 if !reflect.DeepEqual(group.IpPermissions[0], p) { 379 return fmt.Errorf( 380 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 381 group.IpPermissions[0], 382 p) 383 } 384 385 return nil 386 } 387 } 388 389 func testAccCheckAWSSecurityGroupAttributesNegOneProtocol(group *ec2.SecurityGroup) resource.TestCheckFunc { 390 return func(s *terraform.State) error { 391 p := &ec2.IpPermission{ 392 IpProtocol: aws.String("-1"), 393 IpRanges: []*ec2.IpRange{&ec2.IpRange{CidrIp: aws.String("10.0.0.0/8")}}, 394 } 395 396 if *group.GroupName != "terraform_acceptance_test_example" { 397 return fmt.Errorf("Bad name: %s", *group.GroupName) 398 } 399 400 if *group.Description != "Used in the terraform acceptance tests" { 401 return fmt.Errorf("Bad description: %s", *group.Description) 402 } 403 404 if len(group.IpPermissions) == 0 { 405 return fmt.Errorf("No IPPerms") 406 } 407 408 // Compare our ingress 409 if !reflect.DeepEqual(group.IpPermissions[0], p) { 410 return fmt.Errorf( 411 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 412 group.IpPermissions[0], 413 p) 414 } 415 416 return nil 417 } 418 } 419 420 func TestAccAWSSecurityGroup_tags(t *testing.T) { 421 var group ec2.SecurityGroup 422 423 resource.Test(t, resource.TestCase{ 424 PreCheck: func() { testAccPreCheck(t) }, 425 Providers: testAccProviders, 426 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 427 Steps: []resource.TestStep{ 428 resource.TestStep{ 429 Config: testAccAWSSecurityGroupConfigTags, 430 Check: resource.ComposeTestCheckFunc( 431 testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group), 432 testAccCheckTags(&group.Tags, "foo", "bar"), 433 ), 434 }, 435 436 resource.TestStep{ 437 Config: testAccAWSSecurityGroupConfigTagsUpdate, 438 Check: resource.ComposeTestCheckFunc( 439 testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group), 440 testAccCheckTags(&group.Tags, "foo", ""), 441 testAccCheckTags(&group.Tags, "bar", "baz"), 442 ), 443 }, 444 }, 445 }) 446 } 447 448 func testAccCheckAWSSecurityGroupAttributesChanged(group *ec2.SecurityGroup) resource.TestCheckFunc { 449 return func(s *terraform.State) error { 450 p := []*ec2.IpPermission{ 451 &ec2.IpPermission{ 452 FromPort: aws.Int64(80), 453 ToPort: aws.Int64(9000), 454 IpProtocol: aws.String("tcp"), 455 IpRanges: []*ec2.IpRange{&ec2.IpRange{CidrIp: aws.String("10.0.0.0/8")}}, 456 }, 457 &ec2.IpPermission{ 458 FromPort: aws.Int64(80), 459 ToPort: aws.Int64(8000), 460 IpProtocol: aws.String("tcp"), 461 IpRanges: []*ec2.IpRange{ 462 &ec2.IpRange{ 463 CidrIp: aws.String("0.0.0.0/0"), 464 }, 465 &ec2.IpRange{ 466 CidrIp: aws.String("10.0.0.0/8"), 467 }, 468 }, 469 }, 470 } 471 472 if *group.GroupName != "terraform_acceptance_test_example" { 473 return fmt.Errorf("Bad name: %s", *group.GroupName) 474 } 475 476 if *group.Description != "Used in the terraform acceptance tests" { 477 return fmt.Errorf("Bad description: %s", *group.Description) 478 } 479 480 // Compare our ingress 481 if len(group.IpPermissions) != 2 { 482 return fmt.Errorf( 483 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 484 group.IpPermissions, 485 p) 486 } 487 488 if *group.IpPermissions[0].ToPort == 8000 { 489 group.IpPermissions[1], group.IpPermissions[0] = 490 group.IpPermissions[0], group.IpPermissions[1] 491 } 492 493 if !reflect.DeepEqual(group.IpPermissions, p) { 494 return fmt.Errorf( 495 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 496 group.IpPermissions, 497 p) 498 } 499 500 return nil 501 } 502 } 503 504 func testAccCheckAWSSecurityGroupExistsWithoutDefault(n string) resource.TestCheckFunc { 505 return func(s *terraform.State) error { 506 rs, ok := s.RootModule().Resources[n] 507 if !ok { 508 return fmt.Errorf("Not found: %s", n) 509 } 510 511 if rs.Primary.ID == "" { 512 return fmt.Errorf("No Security Group is set") 513 } 514 515 conn := testAccProvider.Meta().(*AWSClient).ec2conn 516 req := &ec2.DescribeSecurityGroupsInput{ 517 GroupIds: []*string{aws.String(rs.Primary.ID)}, 518 } 519 resp, err := conn.DescribeSecurityGroups(req) 520 if err != nil { 521 return err 522 } 523 524 if len(resp.SecurityGroups) > 0 && *resp.SecurityGroups[0].GroupId == rs.Primary.ID { 525 group := *resp.SecurityGroups[0] 526 527 if len(group.IpPermissionsEgress) != 1 { 528 return fmt.Errorf("Security Group should have only 1 egress rule, got %d", len(group.IpPermissionsEgress)) 529 } 530 } 531 532 return nil 533 } 534 } 535 536 const testAccAWSSecurityGroupConfig = ` 537 resource "aws_security_group" "web" { 538 name = "terraform_acceptance_test_example" 539 description = "Used in the terraform acceptance tests" 540 541 ingress { 542 protocol = "tcp" 543 from_port = 80 544 to_port = 8000 545 cidr_blocks = ["10.0.0.0/8"] 546 } 547 548 egress { 549 protocol = "tcp" 550 from_port = 80 551 to_port = 8000 552 cidr_blocks = ["10.0.0.0/8"] 553 } 554 555 tags { 556 Name = "tf-acc-test" 557 } 558 } 559 ` 560 561 const testAccAWSSecurityGroupConfigChange = ` 562 resource "aws_security_group" "web" { 563 name = "terraform_acceptance_test_example" 564 description = "Used in the terraform acceptance tests" 565 566 ingress { 567 protocol = "tcp" 568 from_port = 80 569 to_port = 9000 570 cidr_blocks = ["10.0.0.0/8"] 571 } 572 573 ingress { 574 protocol = "tcp" 575 from_port = 80 576 to_port = 8000 577 cidr_blocks = ["0.0.0.0/0", "10.0.0.0/8"] 578 } 579 580 egress { 581 protocol = "tcp" 582 from_port = 80 583 to_port = 8000 584 cidr_blocks = ["10.0.0.0/8"] 585 } 586 } 587 ` 588 589 const testAccAWSSecurityGroupConfigSelf = ` 590 resource "aws_security_group" "web" { 591 name = "terraform_acceptance_test_example" 592 description = "Used in the terraform acceptance tests" 593 594 ingress { 595 protocol = "tcp" 596 from_port = 80 597 to_port = 8000 598 self = true 599 } 600 601 egress { 602 protocol = "tcp" 603 from_port = 80 604 to_port = 8000 605 cidr_blocks = ["10.0.0.0/8"] 606 } 607 } 608 ` 609 610 const testAccAWSSecurityGroupConfigVpc = ` 611 resource "aws_vpc" "foo" { 612 cidr_block = "10.1.0.0/16" 613 } 614 615 resource "aws_security_group" "web" { 616 name = "terraform_acceptance_test_example" 617 description = "Used in the terraform acceptance tests" 618 vpc_id = "${aws_vpc.foo.id}" 619 620 ingress { 621 protocol = "tcp" 622 from_port = 80 623 to_port = 8000 624 cidr_blocks = ["10.0.0.0/8"] 625 } 626 627 egress { 628 protocol = "tcp" 629 from_port = 80 630 to_port = 8000 631 cidr_blocks = ["10.0.0.0/8"] 632 } 633 } 634 ` 635 636 const testAccAWSSecurityGroupConfigVpcNegOneIngress = ` 637 resource "aws_vpc" "foo" { 638 cidr_block = "10.1.0.0/16" 639 } 640 641 resource "aws_security_group" "web" { 642 name = "terraform_acceptance_test_example" 643 description = "Used in the terraform acceptance tests" 644 vpc_id = "${aws_vpc.foo.id}" 645 646 ingress { 647 protocol = "-1" 648 from_port = 0 649 to_port = 0 650 cidr_blocks = ["10.0.0.0/8"] 651 } 652 } 653 ` 654 const testAccAWSSecurityGroupConfigMultiIngress = ` 655 resource "aws_security_group" "worker" { 656 name = "terraform_acceptance_test_example_1" 657 description = "Used in the terraform acceptance tests" 658 659 ingress { 660 protocol = "tcp" 661 from_port = 80 662 to_port = 8000 663 cidr_blocks = ["10.0.0.0/8"] 664 } 665 666 egress { 667 protocol = "tcp" 668 from_port = 80 669 to_port = 8000 670 cidr_blocks = ["10.0.0.0/8"] 671 } 672 } 673 674 resource "aws_security_group" "web" { 675 name = "terraform_acceptance_test_example_2" 676 description = "Used in the terraform acceptance tests" 677 678 ingress { 679 protocol = "tcp" 680 from_port = 22 681 to_port = 22 682 cidr_blocks = ["10.0.0.0/8"] 683 } 684 685 ingress { 686 protocol = "tcp" 687 from_port = 800 688 to_port = 800 689 cidr_blocks = ["10.0.0.0/8"] 690 } 691 692 ingress { 693 protocol = "tcp" 694 from_port = 80 695 to_port = 8000 696 security_groups = ["${aws_security_group.worker.id}"] 697 } 698 699 egress { 700 protocol = "tcp" 701 from_port = 80 702 to_port = 8000 703 cidr_blocks = ["10.0.0.0/8"] 704 } 705 } 706 ` 707 708 const testAccAWSSecurityGroupConfigTags = ` 709 resource "aws_security_group" "foo" { 710 name = "terraform_acceptance_test_example" 711 description = "Used in the terraform acceptance tests" 712 713 ingress { 714 protocol = "tcp" 715 from_port = 80 716 to_port = 8000 717 cidr_blocks = ["10.0.0.0/8"] 718 } 719 720 egress { 721 protocol = "tcp" 722 from_port = 80 723 to_port = 8000 724 cidr_blocks = ["10.0.0.0/8"] 725 } 726 727 tags { 728 foo = "bar" 729 } 730 } 731 ` 732 733 const testAccAWSSecurityGroupConfigTagsUpdate = ` 734 resource "aws_security_group" "foo" { 735 name = "terraform_acceptance_test_example" 736 description = "Used in the terraform acceptance tests" 737 738 ingress { 739 protocol = "tcp" 740 from_port = 80 741 to_port = 8000 742 cidr_blocks = ["10.0.0.0/8"] 743 } 744 745 egress { 746 protocol = "tcp" 747 from_port = 80 748 to_port = 8000 749 cidr_blocks = ["10.0.0.0/8"] 750 } 751 752 tags { 753 bar = "baz" 754 } 755 } 756 ` 757 758 const testAccAWSSecurityGroupConfig_generatedName = ` 759 resource "aws_security_group" "web" { 760 ingress { 761 protocol = "tcp" 762 from_port = 80 763 to_port = 8000 764 cidr_blocks = ["10.0.0.0/8"] 765 } 766 767 egress { 768 protocol = "tcp" 769 from_port = 80 770 to_port = 8000 771 cidr_blocks = ["10.0.0.0/8"] 772 } 773 774 tags { 775 Name = "tf-acc-test" 776 } 777 } 778 ` 779 780 const testAccAWSSecurityGroupConfigDefaultEgress = ` 781 resource "aws_vpc" "tf_sg_egress_test" { 782 cidr_block = "10.0.0.0/16" 783 tags { 784 Name = "tf_sg_egress_test" 785 } 786 } 787 788 resource "aws_security_group" "worker" { 789 name = "terraform_acceptance_test_example_1" 790 description = "Used in the terraform acceptance tests" 791 vpc_id = "${aws_vpc.tf_sg_egress_test.id}" 792 793 egress { 794 protocol = "tcp" 795 from_port = 80 796 to_port = 8000 797 cidr_blocks = ["10.0.0.0/8"] 798 } 799 } 800 ` 801 802 const testAccAWSSecurityGroupConfigClassic = ` 803 provider "aws" { 804 region = "us-east-1" 805 } 806 807 resource "aws_security_group" "web" { 808 name = "terraform_acceptance_test_example_1" 809 description = "Used in the terraform acceptance tests" 810 } 811 `