Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

r/aws_security_group: AWS API consistency for protocol of -1 #27642

Merged
merged 10 commits into from
Nov 7, 2022
Merged

r/aws_security_group: AWS API consistency for protocol of -1 #27642

merged 10 commits into from
Nov 7, 2022

Conversation

ewbankkit
Copy link
Contributor

@ewbankkit ewbankkit commented Nov 3, 2022
edited

Description

Ensures consistency between the aws_security_group and aws_security_group_rule resources when calling the AWS (Authorize|Revoke)SecurityGroup(Ingress|Egress) APIs for rules with a protocol value of -1.

The key change is done in 4f21a7d - ExpandIPPerms now does not set any value for FromPort or ToPort if the protocol value is -1.

Relations

Closes #27079.

Output from Acceptance Testing

% make testacc TESTARGS='-run=TestAccVPCSecurityGroup_' PKG=ec2 ACCTEST_PARALLELISM=3
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/ec2/... -v -count 1 -parallel 3  -run=TestAccVPCSecurityGroup_ -timeout 180m
=== RUN   TestAccVPCSecurityGroup_basic
=== PAUSE TestAccVPCSecurityGroup_basic
=== RUN   TestAccVPCSecurityGroup_disappears
=== PAUSE TestAccVPCSecurityGroup_disappears
=== RUN   TestAccVPCSecurityGroup_noVPC
=== PAUSE TestAccVPCSecurityGroup_noVPC
=== RUN   TestAccVPCSecurityGroup_nameGenerated
=== PAUSE TestAccVPCSecurityGroup_nameGenerated
=== RUN   TestAccVPCSecurityGroup_nameTerraformPrefix
=== PAUSE TestAccVPCSecurityGroup_nameTerraformPrefix
=== RUN   TestAccVPCSecurityGroup_namePrefix
=== PAUSE TestAccVPCSecurityGroup_namePrefix
=== RUN   TestAccVPCSecurityGroup_namePrefixTerraform
=== PAUSE TestAccVPCSecurityGroup_namePrefixTerraform
=== RUN   TestAccVPCSecurityGroup_tags
=== PAUSE TestAccVPCSecurityGroup_tags
=== RUN   TestAccVPCSecurityGroup_allowAll
=== PAUSE TestAccVPCSecurityGroup_allowAll
=== RUN   TestAccVPCSecurityGroup_sourceSecurityGroup
=== PAUSE TestAccVPCSecurityGroup_sourceSecurityGroup
=== RUN   TestAccVPCSecurityGroup_ipRangeAndSecurityGroupWithSameRules
=== PAUSE TestAccVPCSecurityGroup_ipRangeAndSecurityGroupWithSameRules
=== RUN   TestAccVPCSecurityGroup_ipRangesWithSameRules
=== PAUSE TestAccVPCSecurityGroup_ipRangesWithSameRules
=== RUN   TestAccVPCSecurityGroup_egressMode
=== PAUSE TestAccVPCSecurityGroup_egressMode
=== RUN   TestAccVPCSecurityGroup_ingressMode
=== PAUSE TestAccVPCSecurityGroup_ingressMode
=== RUN   TestAccVPCSecurityGroup_ruleGathering
=== PAUSE TestAccVPCSecurityGroup_ruleGathering
=== RUN   TestAccVPCSecurityGroup_forceRevokeRulesTrue
=== PAUSE TestAccVPCSecurityGroup_forceRevokeRulesTrue
=== RUN   TestAccVPCSecurityGroup_forceRevokeRulesFalse
=== PAUSE TestAccVPCSecurityGroup_forceRevokeRulesFalse
=== RUN   TestAccVPCSecurityGroup_change
=== PAUSE TestAccVPCSecurityGroup_change
=== RUN   TestAccVPCSecurityGroup_ipv6
=== PAUSE TestAccVPCSecurityGroup_ipv6
=== RUN   TestAccVPCSecurityGroup_self
=== PAUSE TestAccVPCSecurityGroup_self
=== RUN   TestAccVPCSecurityGroup_vpc
=== PAUSE TestAccVPCSecurityGroup_vpc
=== RUN   TestAccVPCSecurityGroup_vpcNegOneIngress
=== PAUSE TestAccVPCSecurityGroup_vpcNegOneIngress
=== RUN   TestAccVPCSecurityGroup_vpcProtoNumIngress
=== PAUSE TestAccVPCSecurityGroup_vpcProtoNumIngress
=== RUN   TestAccVPCSecurityGroup_multiIngress
=== PAUSE TestAccVPCSecurityGroup_multiIngress
=== RUN   TestAccVPCSecurityGroup_vpcAllEgress
=== PAUSE TestAccVPCSecurityGroup_vpcAllEgress
=== RUN   TestAccVPCSecurityGroup_ruleDescription
=== PAUSE TestAccVPCSecurityGroup_ruleDescription
=== RUN   TestAccVPCSecurityGroup_defaultEgressVPC
=== PAUSE TestAccVPCSecurityGroup_defaultEgressVPC
=== RUN   TestAccVPCSecurityGroup_driftComplex
=== PAUSE TestAccVPCSecurityGroup_driftComplex
=== RUN   TestAccVPCSecurityGroup_invalidCIDRBlock
=== PAUSE TestAccVPCSecurityGroup_invalidCIDRBlock
=== RUN   TestAccVPCSecurityGroup_cidrAndGroups
=== PAUSE TestAccVPCSecurityGroup_cidrAndGroups
=== RUN   TestAccVPCSecurityGroup_ingressWithCIDRAndSGsVPC
=== PAUSE TestAccVPCSecurityGroup_ingressWithCIDRAndSGsVPC
=== RUN   TestAccVPCSecurityGroup_egressWithPrefixList
=== PAUSE TestAccVPCSecurityGroup_egressWithPrefixList
=== RUN   TestAccVPCSecurityGroup_ingressWithPrefixList
=== PAUSE TestAccVPCSecurityGroup_ingressWithPrefixList
=== RUN   TestAccVPCSecurityGroup_ipv4AndIPv6Egress
=== PAUSE TestAccVPCSecurityGroup_ipv4AndIPv6Egress
=== RUN   TestAccVPCSecurityGroup_failWithDiffMismatch
=== PAUSE TestAccVPCSecurityGroup_failWithDiffMismatch
=== RUN   TestAccVPCSecurityGroup_RuleLimit_exceededAppend
=== PAUSE TestAccVPCSecurityGroup_RuleLimit_exceededAppend
=== RUN   TestAccVPCSecurityGroup_RuleLimit_cidrBlockExceededAppend
=== PAUSE TestAccVPCSecurityGroup_RuleLimit_cidrBlockExceededAppend
=== RUN   TestAccVPCSecurityGroup_RuleLimit_exceededPrepend
=== PAUSE TestAccVPCSecurityGroup_RuleLimit_exceededPrepend
=== RUN   TestAccVPCSecurityGroup_RuleLimit_exceededAllNew
=== PAUSE TestAccVPCSecurityGroup_RuleLimit_exceededAllNew
=== RUN   TestAccVPCSecurityGroup_rulesDropOnError
=== PAUSE TestAccVPCSecurityGroup_rulesDropOnError
=== RUN   TestAccVPCSecurityGroup_emrDependencyViolation
=== PAUSE TestAccVPCSecurityGroup_emrDependencyViolation
=== CONT  TestAccVPCSecurityGroup_basic
=== CONT  TestAccVPCSecurityGroup_vpcNegOneIngress
=== CONT  TestAccVPCSecurityGroup_ipRangesWithSameRules
--- PASS: TestAccVPCSecurityGroup_vpcNegOneIngress (24.17s)
=== CONT  TestAccVPCSecurityGroup_namePrefixTerraform
--- PASS: TestAccVPCSecurityGroup_basic (24.50s)
=== CONT  TestAccVPCSecurityGroup_ipRangeAndSecurityGroupWithSameRules
--- PASS: TestAccVPCSecurityGroup_ipRangesWithSameRules (26.37s)
=== CONT  TestAccVPCSecurityGroup_sourceSecurityGroup
--- PASS: TestAccVPCSecurityGroup_namePrefixTerraform (24.11s)
=== CONT  TestAccVPCSecurityGroup_allowAll
--- PASS: TestAccVPCSecurityGroup_ipRangeAndSecurityGroupWithSameRules (28.63s)
=== CONT  TestAccVPCSecurityGroup_tags
--- PASS: TestAccVPCSecurityGroup_sourceSecurityGroup (27.51s)
=== CONT  TestAccVPCSecurityGroup_forceRevokeRulesFalse
--- PASS: TestAccVPCSecurityGroup_allowAll (26.22s)
=== CONT  TestAccVPCSecurityGroup_vpc
--- PASS: TestAccVPCSecurityGroup_vpc (24.30s)
=== CONT  TestAccVPCSecurityGroup_self
--- PASS: TestAccVPCSecurityGroup_tags (52.60s)
=== CONT  TestAccVPCSecurityGroup_egressWithPrefixList
--- PASS: TestAccVPCSecurityGroup_self (25.25s)
=== CONT  TestAccVPCSecurityGroup_ipv6
--- PASS: TestAccVPCSecurityGroup_egressWithPrefixList (38.80s)
=== CONT  TestAccVPCSecurityGroup_change
--- PASS: TestAccVPCSecurityGroup_ipv6 (24.74s)
=== CONT  TestAccVPCSecurityGroup_ruleGathering
--- PASS: TestAccVPCSecurityGroup_change (38.22s)
=== CONT  TestAccVPCSecurityGroup_forceRevokeRulesTrue
--- PASS: TestAccVPCSecurityGroup_ruleGathering (39.56s)
=== CONT  TestAccVPCSecurityGroup_defaultEgressVPC
--- PASS: TestAccVPCSecurityGroup_defaultEgressVPC (24.15s)
=== CONT  TestAccVPCSecurityGroup_nameGenerated
--- PASS: TestAccVPCSecurityGroup_nameGenerated (23.60s)
=== CONT  TestAccVPCSecurityGroup_namePrefix
--- PASS: TestAccVPCSecurityGroup_namePrefix (23.28s)
=== CONT  TestAccVPCSecurityGroup_ingressWithCIDRAndSGsVPC
--- PASS: TestAccVPCSecurityGroup_ingressWithCIDRAndSGsVPC (30.27s)
=== CONT  TestAccVPCSecurityGroup_nameTerraformPrefix
--- PASS: TestAccVPCSecurityGroup_nameTerraformPrefix (23.14s)
=== CONT  TestAccVPCSecurityGroup_emrDependencyViolation
--- PASS: TestAccVPCSecurityGroup_forceRevokeRulesTrue (331.90s)
=== CONT  TestAccVPCSecurityGroup_rulesDropOnError
--- PASS: TestAccVPCSecurityGroup_rulesDropOnError (43.47s)
=== CONT  TestAccVPCSecurityGroup_cidrAndGroups
--- PASS: TestAccVPCSecurityGroup_cidrAndGroups (29.22s)
=== CONT  TestAccVPCSecurityGroup_ingressMode
--- PASS: TestAccVPCSecurityGroup_ingressMode (50.32s)
=== CONT  TestAccVPCSecurityGroup_RuleLimit_exceededAllNew
--- PASS: TestAccVPCSecurityGroup_RuleLimit_exceededAllNew (52.77s)
=== CONT  TestAccVPCSecurityGroup_invalidCIDRBlock
--- PASS: TestAccVPCSecurityGroup_invalidCIDRBlock (2.86s)
=== CONT  TestAccVPCSecurityGroup_RuleLimit_exceededPrepend
--- PASS: TestAccVPCSecurityGroup_RuleLimit_exceededPrepend (53.30s)
=== CONT  TestAccVPCSecurityGroup_RuleLimit_cidrBlockExceededAppend
--- PASS: TestAccVPCSecurityGroup_RuleLimit_cidrBlockExceededAppend (42.79s)
=== CONT  TestAccVPCSecurityGroup_vpcAllEgress
--- PASS: TestAccVPCSecurityGroup_vpcAllEgress (24.52s)
=== CONT  TestAccVPCSecurityGroup_RuleLimit_exceededAppend
--- PASS: TestAccVPCSecurityGroup_RuleLimit_exceededAppend (65.23s)
=== CONT  TestAccVPCSecurityGroup_driftComplex
--- PASS: TestAccVPCSecurityGroup_driftComplex (29.62s)
=== CONT  TestAccVPCSecurityGroup_ruleDescription
--- PASS: TestAccVPCSecurityGroup_ruleDescription (58.34s)
=== CONT  TestAccVPCSecurityGroup_failWithDiffMismatch
--- PASS: TestAccVPCSecurityGroup_failWithDiffMismatch (28.35s)
=== CONT  TestAccVPCSecurityGroup_ipv4AndIPv6Egress
--- PASS: TestAccVPCSecurityGroup_ipv4AndIPv6Egress (34.59s)
=== CONT  TestAccVPCSecurityGroup_egressMode
--- PASS: TestAccVPCSecurityGroup_egressMode (51.64s)
=== CONT  TestAccVPCSecurityGroup_ingressWithPrefixList
--- PASS: TestAccVPCSecurityGroup_ingressWithPrefixList (38.35s)
=== CONT  TestAccVPCSecurityGroup_noVPC
--- PASS: TestAccVPCSecurityGroup_forceRevokeRulesFalse (1080.00s)
=== CONT  TestAccVPCSecurityGroup_disappears
--- PASS: TestAccVPCSecurityGroup_noVPC (43.67s)
=== CONT  TestAccVPCSecurityGroup_multiIngress
--- PASS: TestAccVPCSecurityGroup_disappears (21.00s)
=== CONT  TestAccVPCSecurityGroup_vpcProtoNumIngress
--- PASS: TestAccVPCSecurityGroup_multiIngress (29.81s)
--- PASS: TestAccVPCSecurityGroup_vpcProtoNumIngress (24.44s)
--- PASS: TestAccVPCSecurityGroup_emrDependencyViolation (1833.75s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/ec2	2166.697s

@github-actions
Copy link

github-actions bot commented Nov 3, 2022

Community Note

Voting for Prioritization

  • Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@ewbankkit ewbankkit added this to the v4.39.0 milestone Nov 3, 2022
@github-actions github-actions bot added size/XL Managed by automation to categorize the size of a PR. service/vpc Issues and PRs that pertain to the vpc service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. labels Nov 3, 2022
@ewbankkit ewbankkit mentioned this pull request Nov 3, 2022
Closed
@ewbankkit ewbankkit marked this pull request as ready for review November 3, 2022 21:11
@ewbankkit
Copy link
Contributor Author

Consider backporting to release/3.x.

@ewbankkit
r/aws_security_group: Treat rule.protocol 'all' like '-1'.
949ad6e
@ewbankkit
r/aws_security_group: Add 'TestAccVPCSecurityGroup_vpcAllEgress'.
0cdb420 
Acceptance test output:

% make testacc TESTARGS='-run=TestAccVPCSecurityGroup_vpcAllEgress' PKG=ec2 ACCTEST_PARALLELISM=2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/ec2/... -v -count 1 -parallel 2  -run=TestAccVPCSecurityGroup_vpcAllEgress -timeout 180m
=== RUN   TestAccVPCSecurityGroup_vpcAllEgress
=== PAUSE TestAccVPCSecurityGroup_vpcAllEgress
=== CONT  TestAccVPCSecurityGroup_vpcAllEgress
--- PASS: TestAccVPCSecurityGroup_vpcAllEgress (24.78s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/ec2	29.517s
@ewbankkit
Tweak CHANGELOG entries.
2bd93d6
@ewbankkit ewbankkit merged commit 147e7d3 into main Nov 7, 2022
@ewbankkit ewbankkit deleted the f-aws_security_group-rule.protocol branch November 7, 2022 21:01
github-actions bot pushed a commit that referenced this pull request Nov 7, 2022
Update CHANGELOG.md for #27642
f7a6be3
@ewbankkit ewbankkit mentioned this pull request Nov 7, 2022
Merged
@github-actions
Copy link

This functionality has been released in v4.39.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 11, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
service/vpc Issues and PRs that pertain to the vpc service. size/XL Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
v4.39.0
Development

Successfully merging this pull request may close these issues.

[Enhancement]: Terraform Resources Call AWS EC2 Security Group APIs Inconsistently
1 participant
@ewbankkit