Merge pull request #350 from dtan4/dtan4/nacl-icmp-detail

Add icmp_code and icmp_type to NACL tf
dtan4 · Jul 26, 2017 · 419f7f5 · 419f7f5
2 parents 89c1909 + b8ac730
commit 419f7f5
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 2 deletions.
diff --git a/lib/terraforming/template/tf/network_acl.erb b/lib/terraforming/template/tf/network_acl.erb
@@ -11,6 +11,10 @@ resource "aws_network_acl" "<%= module_name_of(network_acl) %>" {
         action     = "<%= ingress.rule_action %>"
         protocol   = "<%= ingress.protocol %>"
         cidr_block = "<%= ingress.cidr_block %>"
+<%- if ingress.icmp_type_code -%>
+        icmp_code  = "<%= ingress.icmp_type_code.code %>"
+        icmp_type  = "<%= ingress.icmp_type_code.type %>"
+<%- end -%>
     }
 
 <% end -%>
@@ -22,6 +26,10 @@ resource "aws_network_acl" "<%= module_name_of(network_acl) %>" {
         action     = "<%= egress.rule_action %>"
         protocol   = "<%= egress.protocol %>"
         cidr_block = "<%= egress.cidr_block %>"
+<%- if egress.icmp_type_code -%>
+        icmp_code  = "<%= egress.icmp_type_code.code %>"
+        icmp_type  = "<%= egress.icmp_type_code.type %>"
+<%- end -%>
     }
 
 <% end -%>

diff --git a/spec/lib/terraforming/resource/network_acl_spec.rb b/spec/lib/terraforming/resource/network_acl_spec.rb
@@ -63,6 +63,30 @@ module Resource
                 cidr_block: "0.0.0.0/0",
                 port_range: nil,
               },
+              {
+                rule_number: 12345,
+                protocol: "1",
+                rule_action: "allow",
+                egress: false,
+                cidr_block: "0.0.0.0/0",
+                port_range: nil,
+                icmp_type_code: {
+                  code: -1,
+                  type: 10,
+                },
+              },
+              {
+                rule_number: 15000,
+                protocol: "1",
+                rule_action: "allow",
+                egress: true,
+                cidr_block: "0.0.0.0/0",
+                port_range: nil,
+                icmp_type_code: {
+                  code: -1,
+                  type: 4
+                },
+              },
               {
                 rule_number: 32767,
                 protocol: "-1",
@@ -132,6 +156,28 @@ module Resource
         cidr_block = "0.0.0.0/0"
     }
 
+    ingress {
+        from_port  = 0
+        to_port    = 0
+        rule_no    = 12345
+        action     = "allow"
+        protocol   = "1"
+        cidr_block = "0.0.0.0/0"
+        icmp_code  = "-1"
+        icmp_type  = "10"
+    }
+
+    egress {
+        from_port  = 0
+        to_port    = 0
+        rule_no    = 15000
+        action     = "allow"
+        protocol   = "1"
+        cidr_block = "0.0.0.0/0"
+        icmp_code  = "-1"
+        icmp_type  = "4"
+    }
+
     tags {
         "Name" = "fuga"
     }
@@ -163,9 +209,9 @@ module Resource
               "primary" => {
                 "id" => "acl-5678efgh",
                 "attributes" => {
-                  "egress.#" => "0",
+                  "egress.#" => "1",
                   "id" => "acl-5678efgh",
-                  "ingress.#" => "1",
+                  "ingress.#" => "2",
                   "subnet_ids.#" => "2",
                   "tags.#" => "1",
                   "vpc_id" => "vpc-5678efgh",