From 48a4b3deaad97ef7e4e4d58925d28fc73866450d Mon Sep 17 00:00:00 2001
From: Paul Stack
Date: Fri, 24 Mar 2017 19:35:36 +0200
Subject: [PATCH] provider/aws: aws_network_acl_rule treat all and -1 for protocol the (#13049) same Fixes: #13012 ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSNetworkAclRule_allProtocol' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2017/03/24 18:42:05 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSNetworkAclRule_allProtocol -timeout 120m === RUN TestAccAWSNetworkAclRule_allProtocol --- PASS: TestAccAWSNetworkAclRule_allProtocol (53.95s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 53.974s ```
---
 .../aws/resource_aws_network_acl_rule.go | 6 ++
 .../aws/resource_aws_network_acl_rule_test.go | 57 +++++++++++++++++++
 2 files changed, 63 insertions(+)
diff --git a/builtin/providers/aws/resource_aws_network_acl_rule.go b/builtin/providers/aws/resource_aws_network_acl_rule.go
index 6b5f0c299f53..5cce925c59d7 100644
--- a/builtin/providers/aws/resource_aws_network_acl_rule.go
+++ b/builtin/providers/aws/resource_aws_network_acl_rule.go
@@ -41,6 +41,12 @@ func resourceAwsNetworkAclRule() *schema.Resource {
 Type: schema.TypeString,
 Required: true,
 ForceNew: true,
+ DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
+ if old == "all" && new == "-1" || old == "-1" && new == "all" {
+ return true
+ }
+ return false
+ },
 },
 "rule_action": {
 Type: schema.TypeString,
diff --git a/builtin/providers/aws/resource_aws_network_acl_rule_test.go b/builtin/providers/aws/resource_aws_network_acl_rule_test.go
index e793ebf5313b..f9ab943a86e9 100644
--- a/builtin/providers/aws/resource_aws_network_acl_rule_test.go
+++ b/builtin/providers/aws/resource_aws_network_acl_rule_test.go
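Review bot: The condition in the new `DiffSuppressFunc` mixes `&&` and `||` without parentheses and wraps a boolean in `if … return true … return false`; it evaluates as intended under Go's precedence, but on a `ForceNew` attribute of a network ACL rule the equivalence should be impossible to misread. I would collapse it to `return (old == "all" && new == "-1") || (old == "-1" && new == "all")` and put a comment above it such as `// EC2 reports the "all" protocol as -1; treat both spellings as equal so a no-op edit does not destroy and recreate the rule.` The match is exact and case-sensitive, so a value like `"ALL"` would still produce a replacement diff; whether that spelling is accepted elsewhere in the resource is not visible from this hunk. The schema map and `resourceAwsNetworkAclRule` start and end outside the hunk.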
@@ -66,6 +66,25 @@ func TestAccAWSNetworkAclRule_ipv6(t *testing.T) {
 })
 }
 
+func TestAccAWSNetworkAclRule_allProtocol(t *testing.T) {
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSNetworkAclRuleDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAWSNetworkAclRuleAllProtocolConfig,
+ ExpectNonEmptyPlan: false,
+ },
+ {
+ Config: testAccAWSNetworkAclRuleAllProtocolConfigNoRealUpdate,
+ ExpectNonEmptyPlan: false,
+ },
+ },
+ })
+}
+
 func TestResourceAWSNetworkAclRule_validateICMPArgumentValue(t *testing.T) {
 type testCases struct {
 Value string
@@ -251,6 +270,44 @@ resource "aws_network_acl_rule" "baz" {
 }
 `
 
+const testAccAWSNetworkAclRuleAllProtocolConfigNoRealUpdate = `
+resource "aws_vpc" "foo" {
+ cidr_block = "10.3.0.0/16"
+}
+resource "aws_network_acl" "bar" {
+ vpc_id = "${aws_vpc.foo.id}"
+}
+resource "aws_network_acl_rule" "baz" {
+ network_acl_id = "${aws_network_acl.bar.id}"
+ rule_number = 150
+ egress = false
+ protocol = "all"
+ rule_action = "allow"
+ cidr_block = "0.0.0.0/0"
+ from_port = 22
+ to_port = 22
+}
+`
+
+const testAccAWSNetworkAclRuleAllProtocolConfig = `
+resource "aws_vpc" "foo" {
+ cidr_block = "10.3.0.0/16"
+}
+resource "aws_network_acl" "bar" {
+ vpc_id = "${aws_vpc.foo.id}"
+}
+resource "aws_network_acl_rule" "baz" {
+ network_acl_id = "${aws_network_acl.bar.id}"
+ rule_number = 150
+ egress = false
+ protocol = "-1"
+ rule_action = "allow"
+ cidr_block = "0.0.0.0/0"
+ from_port = 22
+ to_port = 22
+}
+`
+
 const testAccAWSNetworkAclRuleIpv6Config = `
 resource "aws_vpc" "foo" {
 cidr_block = "10.3.0.0/16"
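Review bot: Neither step in `TestAccAWSNetworkAclRule_allProtocol` carries a `Check`, so the test only shows that each config applies without leaving a pending plan; nothing asserts that the entry actually exists on the ACL or which protocol EC2 recorded for it. A `Check` on the first step that looks the rule up on the ACL would pin that down (the other tests in this file presumably have a helper for it, but it is not visible here). `ExpectNonEmptyPlan: false` is the zero value and can be dropped from both steps, and the blank line directly after the function's opening brace is stray.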
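Review bot: Both new fixtures pair an all-protocol rule (`protocol = "-1"` / `protocol = "all"`) with `from_port = 22` and `to_port = 22`, which reads as an SSH-only allow from `0.0.0.0/0`. For a network ACL entry with protocol -1, EC2 applies the rule to every port regardless of the port range given, so what these fixtures create is an allow-all inbound rule, and fixtures like this tend to be copied into real configurations. I would add an HCL comment inside the `aws_network_acl_rule` block such as `# protocol -1 ignores from_port/to_port: this allows ALL inbound traffic`, or drop the misleading port values if the resource permits it. The two constants are also declared in the reverse of the order the test steps use them, which makes the "-1" then "all" sequence harder to follow.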