Skip to content

Commit

Permalink
retrieve vpc service quota limit for security group rules
Browse files Browse the repository at this point in the history
  • Loading branch information
@anGie44
anGie44 committed Jul 16, 2020
1 parent e11ab5c commit 7006cef
Showing 1 changed file with 25 additions and 29 deletions.
54 changes: 25 additions & 29 deletions aws/resource_aws_security_group_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,13 @@ import (
"os"
"reflect"
"regexp"
"strconv"
"testing"
"time"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/ec2"
"github.com/aws/aws-sdk-go/service/servicequotas"
"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
Expand Down Expand Up @@ -2203,26 +2203,23 @@ func testAccCheckAWSSecurityGroupAttributesNegOneProtocol(group *ec2.SecurityGro
}
}

// testAccAWSSecurityGroupRulesPerGroupLimitFromEnv returns security group rules per group limit
// testAccAWSSecurityGroupRulesPerGroupLimit returns security group rules per group limit
// Currently this information is not available from any EC2 or Trusted Advisor API
// Prefers the EC2_SECURITY_GROUP_RULES_PER_GROUP_LIMIT environment variable or defaults to 50
func testAccAWSSecurityGroupRulesPerGroupLimitFromEnv() int {
const defaultLimit = 50
const envVar = "EC2_SECURITY_GROUP_RULES_PER_GROUP_LIMIT"

envLimitStr := os.Getenv(envVar)
if envLimitStr == "" {
return defaultLimit
// but is available from the Service Quotas API; if still not available, defaults to 60
func testAccAWSSecurityGroupRulesPerGroupLimit(ruleLimit *int) {
const defaultLimit = 60
conn := testAccProvider.Meta().(*AWSClient).servicequotasconn
input := &servicequotas.GetServiceQuotaInput{
QuotaCode: aws.String("L-0EA8095F"),
ServiceCode: aws.String("vpc"),
}
envLimitInt, err := strconv.Atoi(envLimitStr)
output, err := conn.GetServiceQuota(input)
if err != nil {
log.Printf("[WARN] Error converting %q environment variable value %q to integer: %s", envVar, envLimitStr, err)
return defaultLimit
log.Printf("[DEBUG] Setting Security Group Rules per Group Limit to default (%d): %s", defaultLimit, err)
*ruleLimit = defaultLimit
} else {
*ruleLimit = int(aws.Float64Value(output.Quota.Value))
}
if envLimitInt <= 50 {
return defaultLimit
}
return envLimitInt
}

func testAccCheckAWSSecurityGroupSGandCidrAttributes(group *ec2.SecurityGroup) resource.TestCheckFunc {
Expand Down Expand Up @@ -2428,11 +2425,11 @@ func TestAccAWSSecurityGroup_failWithDiffMismatch(t *testing.T) {
}

func TestAccAWSSecurityGroup_ruleLimitExceededAppend(t *testing.T) {
ruleLimit := testAccAWSSecurityGroupRulesPerGroupLimitFromEnv()

var ruleLimit int
var group ec2.SecurityGroup

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
PreCheck: func() { testAccPreCheck(t); testAccAWSSecurityGroupRulesPerGroupLimit(&ruleLimit) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSSecurityGroupDestroy,
Steps: []resource.TestStep{
Expand Down Expand Up @@ -2469,11 +2466,11 @@ func TestAccAWSSecurityGroup_ruleLimitExceededAppend(t *testing.T) {
}

func TestAccAWSSecurityGroup_ruleLimitCidrBlockExceededAppend(t *testing.T) {
ruleLimit := testAccAWSSecurityGroupRulesPerGroupLimitFromEnv()
var ruleLimit int

var group ec2.SecurityGroup
resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
PreCheck: func() { testAccPreCheck(t); testAccAWSSecurityGroupRulesPerGroupLimit(&ruleLimit) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSSecurityGroupDestroy,
Steps: []resource.TestStep{
Expand Down Expand Up @@ -2534,11 +2531,11 @@ func TestAccAWSSecurityGroup_ruleLimitCidrBlockExceededAppend(t *testing.T) {
}

func TestAccAWSSecurityGroup_ruleLimitExceededPrepend(t *testing.T) {
ruleLimit := testAccAWSSecurityGroupRulesPerGroupLimitFromEnv()

var ruleLimit int
var group ec2.SecurityGroup

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
PreCheck: func() { testAccPreCheck(t); testAccAWSSecurityGroupRulesPerGroupLimit(&ruleLimit) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSSecurityGroupDestroy,
Steps: []resource.TestStep{
Expand Down Expand Up @@ -2575,11 +2572,11 @@ func TestAccAWSSecurityGroup_ruleLimitExceededPrepend(t *testing.T) {
}

func TestAccAWSSecurityGroup_ruleLimitExceededAllNew(t *testing.T) {
ruleLimit := testAccAWSSecurityGroupRulesPerGroupLimitFromEnv()

var ruleLimit int
var group ec2.SecurityGroup

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
PreCheck: func() { testAccPreCheck(t); testAccAWSSecurityGroupRulesPerGroupLimit(&ruleLimit) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSSecurityGroupDestroy,
Steps: []resource.TestStep{
Expand Down Expand Up @@ -2743,7 +2740,6 @@ resource "aws_security_group" "test" {
to_port = "80"
cidr_blocks = [
`

for i := egressStartIndex; i < egressRulesCount+egressStartIndex; i++ {
c += fmt.Sprintf(`
"${cidrhost("10.1.0.0/16", %[1]d)}/32",
Expand Down

0 comments on commit 7006cef

Please sign in to comment.