Skip to content

Commit

Permalink
This adds the source_dest_check attribute to the aws_network_interfac…
Browse files Browse the repository at this point in the history
…e resource

Defaults to true to be consistent with AWS
  • Loading branch information
Jesse Szwedko authored and braintreeps committed Jul 23, 2015
1 parent 5a15c02 commit 5554942
Show file tree
Hide file tree
Showing 3 changed files with 63 additions and 0 deletions.
19 changes: 19 additions & 0 deletions builtin/providers/aws/resource_aws_network_interface.go
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,12 @@ func resourceAwsNetworkInterface() *schema.Resource {
Set: schema.HashString,
},

"source_dest_check": &schema.Schema{
Type: schema.TypeBool,
Optional: true,
Default: true,
},

"attachment": &schema.Schema{
Type: schema.TypeSet,
Optional: true,
Expand Down Expand Up @@ -127,6 +133,7 @@ func resourceAwsNetworkInterfaceRead(d *schema.ResourceData, meta interface{}) e
d.Set("subnet_id", eni.SubnetID)
d.Set("private_ips", flattenNetworkInterfacesPrivateIPAddesses(eni.PrivateIPAddresses))
d.Set("security_groups", flattenGroupIdentifiers(eni.Groups))
d.Set("source_dest_check", eni.SourceDestCheck)

// Tags
d.Set("tags", tagsToMap(eni.TagSet))
Expand Down Expand Up @@ -221,6 +228,18 @@ func resourceAwsNetworkInterfaceUpdate(d *schema.ResourceData, meta interface{})
d.SetPartial("attachment")
}

request := &ec2.ModifyNetworkInterfaceAttributeInput{
NetworkInterfaceID: aws.String(d.Id()),
SourceDestCheck: &ec2.AttributeBooleanValue{Value: aws.Boolean(d.Get("source_dest_check").(bool))},
}

_, err := conn.ModifyNetworkInterfaceAttribute(request)
if err != nil {
return fmt.Errorf("Failure updating ENI: %s", err)
}

d.SetPartial("source_dest_check")

if d.HasChange("security_groups") {
request := &ec2.ModifyNetworkInterfaceAttributeInput{
NetworkInterfaceID: aws.String(d.Id()),
Expand Down
42 changes: 42 additions & 0 deletions builtin/providers/aws/resource_aws_network_interface_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,26 @@ func TestAccAWSENI_attached(t *testing.T) {
})
}

func TestAccAWSENI_sourceDestCheck(t *testing.T) {
var conf ec2.NetworkInterface

resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSENIDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccAWSENIConfigWithSourceDestCheck,
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSENIExists("aws_network_interface.bar", &conf),
resource.TestCheckResourceAttr(
"aws_network_interface.bar", "source_dest_check", "false"),
),
},
},
})
}

func testAccCheckAWSENIExists(n string, res *ec2.NetworkInterface) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
Expand Down Expand Up @@ -108,6 +128,10 @@ func testAccCheckAWSENIAttributes(conf *ec2.NetworkInterface) resource.TestCheck
return fmt.Errorf("expected private ip to be 172.16.10.100, but was %s", *conf.PrivateIPAddress)
}

if *conf.SourceDestCheck != true {
return fmt.Errorf("expected source_dest_check to be true, but was %t", *conf.SourceDestCheck)
}

if len(conf.TagSet) == 0 {
return fmt.Errorf("expected tags")
}
Expand Down Expand Up @@ -201,6 +225,24 @@ resource "aws_network_interface" "bar" {
}
`

const testAccAWSENIConfigWithSourceDestCheck = `
resource "aws_vpc" "foo" {
cidr_block = "172.16.0.0/16"
}
resource "aws_subnet" "foo" {
vpc_id = "${aws_vpc.foo.id}"
cidr_block = "172.16.10.0/24"
availability_zone = "us-west-2a"
}
resource "aws_network_interface" "bar" {
subnet_id = "${aws_subnet.foo.id}"
source_dest_check = false
private_ips = ["172.16.10.100"]
}
`

const testAccAWSENIConfigWithAttachment = `
resource "aws_vpc" "foo" {
cidr_block = "172.16.0.0/16"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ The following arguments are supported:
* `private_ips` - (Optional) List of private IPs to assign to the ENI.
* `security_groups` - (Optional) List of security group IDs to assign to the ENI.
* `attachment` - (Required) Block to define the attachment of the ENI. Documented below.
* `source_dest_check` - (Optional) Whether to enable source destination checking for the ENI. Default true.
* `tags` - (Optional) A mapping of tags to assign to the resource.

The `attachment` block supports:
Expand All @@ -47,5 +48,6 @@ The following attributes are exported:
* `private_ips` - List of private IPs assigned to the ENI.
* `security_groups` - List of security groups attached to the ENI.
* `attachment` - Block defining the attachment of the ENI.
* `source_dest_check` - Whether source destination checking is enabled
* `tags` - Tags assigned to the ENI.

0 comments on commit 5554942

Please sign in to comment.