provider/aws: Add inplace edit/update DB Security Group Rule Ingress (h…
catsby authored Jun 29, 2016
1 parent d2df76e commit dd0850a
Showing 1 changed file with 71 additions and 1 deletion.
72 changes: 71 additions & 1 deletion builtin/providers/aws/resource_aws_db_security_group.go
@@ -46,7 +46,6 @@ func resourceAwsDbSecurityGroup() *schema.Resource {
"ingress": &schema.Schema{
Type: schema.TypeSet,
Required: true,
ForceNew: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"cidr": &schema.Schema{
@@ -209,6 +208,42 @@ func resourceAwsDbSecurityGroupUpdate(d *schema.ResourceData, meta interface{})
d.SetPartial("tags")
}
}

if d.HasChange("ingress") {
sg, err := resourceAwsDbSecurityGroupRetrieve(d, meta)
if err != nil {
return err
}

oi, ni := d.GetChange("ingress")
if oi == nil {
oi = new(schema.Set)
}
if ni == nil {
ni = new(schema.Set)
}

ois := oi.(*schema.Set)
nis := ni.(*schema.Set)
removeIngress := ois.Difference(nis).List()
newIngress := nis.Difference(ois).List()

// DELETE old Ingress rules
for _, ing := range removeIngress {
err := resourceAwsDbSecurityGroupRevokeRule(ing, *sg.DBSecurityGroupName, conn)
if err != nil {
return err
}
}

// ADD new/updated Ingress rules
for _, ing := range newIngress {
err := resourceAwsDbSecurityGroupAuthorizeRule(ing, *sg.DBSecurityGroupName, conn)
if err != nil {
return err
}
}
}
d.Partial(false)

return resourceAwsDbSecurityGroupRead(d, meta)
@@ -293,6 +328,41 @@ func resourceAwsDbSecurityGroupAuthorizeRule(ingress interface{}, dbSecurityGrou
return nil
}

// Revokes the ingress rule on the db security group
func resourceAwsDbSecurityGroupRevokeRule(ingress interface{}, dbSecurityGroupName string, conn *rds.RDS) error {
ing := ingress.(map[string]interface{})

opts := rds.RevokeDBSecurityGroupIngressInput{
DBSecurityGroupName: aws.String(dbSecurityGroupName),
}

if attr, ok := ing["cidr"]; ok && attr != "" {
opts.CIDRIP = aws.String(attr.(string))
}

if attr, ok := ing["security_group_name"]; ok && attr != "" {
opts.EC2SecurityGroupName = aws.String(attr.(string))
}

if attr, ok := ing["security_group_id"]; ok && attr != "" {
opts.EC2SecurityGroupId = aws.String(attr.(string))
}

if attr, ok := ing["security_group_owner_id"]; ok && attr != "" {
opts.EC2SecurityGroupOwnerId = aws.String(attr.(string))
}

log.Printf("[DEBUG] Revoking ingress rule configuration: %#v", opts)

_, err := conn.RevokeDBSecurityGroupIngress(&opts)

if err != nil {
return fmt.Errorf("Error revoking security group ingress: %s", err)
}

return nil
}

func resourceAwsDbSecurityGroupIngressHash(v interface{}) int {
var buf bytes.Buffer
m := v.(map[string]interface{})
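Review bot: In the `d.HasChange("ingress")` branch, every old rule is revoked before any new rule is authorized and both loops return on the first error, so a failure part-way through leaves the DB security group with the earlier access removed and the replacement rules missing. That ordering fails closed, which is the right direction for a database access control list, but it should be stated above the loops, e.g. `// Revoke before authorize: a partial failure removes access instead of leaving a stale CIDR or EC2 group allowed`. The error from resourceAwsDbSecurityGroupRevokeRule does not say which group was being changed; `return fmt.Errorf("Error revoking ingress on DB security group %s: %s", dbSecurityGroupName, err)` would let an operator see where the apply stopped. `*sg.DBSecurityGroupName` is dereferenced without a nil check, which is only safe if resourceAwsDbSecurityGroupRetrieve never returns a group with that field unset; its body and the start of resourceAwsDbSecurityGroupUpdate are outside the hunks shown.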