From 7006cef14cb7fdbcded4686b9a2216eb40034141 Mon Sep 17 00:00:00 2001 From: Angie Pinilla Date: Thu, 16 Jul 2020 13:29:05 -0400 Subject: [PATCH] retrieve vpc service quota limit for security group rules --- aws/resource_aws_security_group_test.go | 54 ++++++++++++------------- 1 file changed, 25 insertions(+), 29 deletions(-) diff --git a/aws/resource_aws_security_group_test.go b/aws/resource_aws_security_group_test.go index 5bf81a2a4a51..82facc6fd1dd 100644 --- a/aws/resource_aws_security_group_test.go +++ b/aws/resource_aws_security_group_test.go @@ -6,13 +6,13 @@ import ( "os" "reflect" "regexp" - "strconv" "testing" "time" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/service/ec2" + "github.com/aws/aws-sdk-go/service/servicequotas" "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" @@ -2203,26 +2203,23 @@ func testAccCheckAWSSecurityGroupAttributesNegOneProtocol(group *ec2.SecurityGro } } -// testAccAWSSecurityGroupRulesPerGroupLimitFromEnv returns security group rules per group limit +// testAccAWSSecurityGroupRulesPerGroupLimit returns security group rules per group limit // Currently this information is not available from any EC2 or Trusted Advisor API -// Prefers the EC2_SECURITY_GROUP_RULES_PER_GROUP_LIMIT environment variable or defaults to 50 -func testAccAWSSecurityGroupRulesPerGroupLimitFromEnv() int { - const defaultLimit = 50 - const envVar = "EC2_SECURITY_GROUP_RULES_PER_GROUP_LIMIT" - - envLimitStr := os.Getenv(envVar) - if envLimitStr == "" { - return defaultLimit +// but is available from the Service Quotas API; if still not available, defaults to 60 +func testAccAWSSecurityGroupRulesPerGroupLimit(ruleLimit *int) { + const defaultLimit = 60 + conn := testAccProvider.Meta().(*AWSClient).servicequotasconn + input := &servicequotas.GetServiceQuotaInput{ + QuotaCode: aws.String("L-0EA8095F"), + ServiceCode: aws.String("vpc"), } - envLimitInt, err := strconv.Atoi(envLimitStr) + output, err := conn.GetServiceQuota(input) if err != nil { - log.Printf("[WARN] Error converting %q environment variable value %q to integer: %s", envVar, envLimitStr, err) - return defaultLimit + log.Printf("[DEBUG] Setting Security Group Rules per Group Limit to default (%d): %s", defaultLimit, err) + *ruleLimit = defaultLimit + } else { + *ruleLimit = int(aws.Float64Value(output.Quota.Value)) } - if envLimitInt <= 50 { - return defaultLimit - } - return envLimitInt } func testAccCheckAWSSecurityGroupSGandCidrAttributes(group *ec2.SecurityGroup) resource.TestCheckFunc { @@ -2428,11 +2425,11 @@ func TestAccAWSSecurityGroup_failWithDiffMismatch(t *testing.T) { } func TestAccAWSSecurityGroup_ruleLimitExceededAppend(t *testing.T) { - ruleLimit := testAccAWSSecurityGroupRulesPerGroupLimitFromEnv() - + var ruleLimit int var group ec2.SecurityGroup + resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, + PreCheck: func() { testAccPreCheck(t); testAccAWSSecurityGroupRulesPerGroupLimit(&ruleLimit) }, Providers: testAccProviders, CheckDestroy: testAccCheckAWSSecurityGroupDestroy, Steps: []resource.TestStep{ @@ -2469,11 +2466,11 @@ func TestAccAWSSecurityGroup_ruleLimitExceededAppend(t *testing.T) { } func TestAccAWSSecurityGroup_ruleLimitCidrBlockExceededAppend(t *testing.T) { - ruleLimit := testAccAWSSecurityGroupRulesPerGroupLimitFromEnv() + var ruleLimit int var group ec2.SecurityGroup resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, + PreCheck: func() { testAccPreCheck(t); testAccAWSSecurityGroupRulesPerGroupLimit(&ruleLimit) }, Providers: testAccProviders, CheckDestroy: testAccCheckAWSSecurityGroupDestroy, Steps: []resource.TestStep{ @@ -2534,11 +2531,11 @@ func TestAccAWSSecurityGroup_ruleLimitCidrBlockExceededAppend(t *testing.T) { } func TestAccAWSSecurityGroup_ruleLimitExceededPrepend(t *testing.T) { - ruleLimit := testAccAWSSecurityGroupRulesPerGroupLimitFromEnv() - + var ruleLimit int var group ec2.SecurityGroup + resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, + PreCheck: func() { testAccPreCheck(t); testAccAWSSecurityGroupRulesPerGroupLimit(&ruleLimit) }, Providers: testAccProviders, CheckDestroy: testAccCheckAWSSecurityGroupDestroy, Steps: []resource.TestStep{ @@ -2575,11 +2572,11 @@ func TestAccAWSSecurityGroup_ruleLimitExceededPrepend(t *testing.T) { } func TestAccAWSSecurityGroup_ruleLimitExceededAllNew(t *testing.T) { - ruleLimit := testAccAWSSecurityGroupRulesPerGroupLimitFromEnv() - + var ruleLimit int var group ec2.SecurityGroup + resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, + PreCheck: func() { testAccPreCheck(t); testAccAWSSecurityGroupRulesPerGroupLimit(&ruleLimit) }, Providers: testAccProviders, CheckDestroy: testAccCheckAWSSecurityGroupDestroy, Steps: []resource.TestStep{ @@ -2743,7 +2740,6 @@ resource "aws_security_group" "test" { to_port = "80" cidr_blocks = [ ` - for i := egressStartIndex; i < egressRulesCount+egressStartIndex; i++ { c += fmt.Sprintf(` "${cidrhost("10.1.0.0/16", %[1]d)}/32",