refactor default rule number to be a constant

hashicorp · Apr 15, 2016 · c8e29f1 · c8e29f1
1 parent d104bbd
commit c8e29f1
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 4 deletions.
diff --git a/builtin/providers/aws/resource_aws_default_network_acl.go b/builtin/providers/aws/resource_aws_default_network_acl.go
@@ -9,9 +9,16 @@ import (
 	"github.com/hashicorp/terraform/helper/schema"
 )
 
+// ACL Network ACLs all contain an explicit deny-all rule that cannot be
+// destroyed or changed by users. This rule is numbered very high to be a
+// catch-all.
+// See http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html#default-network-acl
+const awsDefaultAclRuleNumber = 32767
+
 func resourceAwsDefaultNetworkAcl() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceAwsDefaultNetworkAclCreate,
+                // We reuse aws_network_acl's read method, the operations are the same
 		Read:   resourceAwsNetworkAclRead,
 		Delete: resourceAwsDefaultNetworkAclDelete,
 		Update: resourceAwsDefaultNetworkAclUpdate,
@@ -255,8 +262,8 @@ func revokeRulesForType(netaclId, rType string, meta interface{}) error {
 	networkAcl := resp.NetworkAcls[0]
 	for _, e := range networkAcl.Entries {
 		// Skip the default rules added by AWS. They can be neither
-		// configured or deleted by users.
-		if *e.RuleNumber == 32767 {
+                // configured or deleted by users. See http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html#default-network-acl
+                if *e.RuleNumber == awsDefaultAclRuleNumber {
 			continue
 		}
 

diff --git a/builtin/providers/aws/resource_aws_network_acl.go b/builtin/providers/aws/resource_aws_network_acl.go
@@ -190,7 +190,7 @@ func resourceAwsNetworkAclRead(d *schema.ResourceData, meta interface{}) error {
 	for _, e := range networkAcl.Entries {
 		// Skip the default rules added by AWS. They can be neither
 		// configured or deleted by users.
-		if *e.RuleNumber == 32767 {
+		if *e.RuleNumber == awsDefaultAclRuleNumber {
 			continue
 		}
 
@@ -346,7 +346,7 @@ func updateNetworkAclEntries(d *schema.ResourceData, entryType string, conn *ec2
 			// neither modified nor destroyed. They have a custom rule
 			// number that is out of bounds for any other rule. If we
 			// encounter it, just continue. There's no work to be done.
-			if *remove.RuleNumber == 32767 {
+			if *remove.RuleNumber == awsDefaultAclRuleNumber {
 				continue
 			}