From 690280e045083a1b72d2b4bb1fa89bb44b688e83 Mon Sep 17 00:00:00 2001
From: Kurt McAlpine
Date: Sat, 29 Aug 2020 13:52:14 +1200
Subject: [PATCH] Add cidrs attribute to aws_lightsail_instance_public_ports resource
---
 ...rce_aws_lightsail_instance_public_ports.go | 25 ++++++++
 ...ws_lightsail_instance_public_ports_test.go | 61 +++++++++++++++++++
 ...htsail_instance_public_ports.html.markdown | 1 +
 3 files changed, 87 insertions(+)
diff --git a/aws/resource_aws_lightsail_instance_public_ports.go b/aws/resource_aws_lightsail_instance_public_ports.go
index 5116ce73b222..4019948f569d 100644
--- a/aws/resource_aws_lightsail_instance_public_ports.go
+++ b/aws/resource_aws_lightsail_instance_public_ports.go
@@ -4,6 +4,7 @@ import (
 "bytes"
 "fmt"
 "log"
+ "sort"
 "github.com/aws/aws-sdk-go/aws"
 "github.com/aws/aws-sdk-go/service/lightsail"
@@ -51,6 +52,15 @@ func resourceAwsLightsailInstancePublicPorts() *schema.Resource {
 ForceNew: true,
 ValidateFunc: validation.IntBetween(0, 65535),
 },
+ "cidrs": {
+ Type: schema.TypeList,
+ Optional: true,
+ Computed: true,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ ValidateFunc: validateCIDRNetworkAddress,
+ },
+ },
 },
 },
 },
@@ -151,6 +161,15 @@ func expandLightsailPortInfo(tfMap map[string]interface{}) *lightsail.PortInfo {
 ToPort: aws.Int64((int64)(tfMap["to_port"].(int))),
 Protocol: aws.String(tfMap["protocol"].(string)),
 }
+ if cidrs, ok := tfMap["cidrs"]; ok {
+ for _, v := range cidrs.([]interface{}) {
+ apiObject.Cidrs = append(apiObject.Cidrs, aws.String(v.(string)))
+ }
+
+ sort.Slice(apiObject.Cidrs, func(i, j int) bool {
+ return *apiObject.Cidrs[i] > *apiObject.Cidrs[j]
+ })
+ }
 return apiObject
 }
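Review bot: The new `cidrs` attribute in the `port_info` schema is `Optional` and `Computed` with no stated default, so when it is omitted the source range of the opened port is whatever the Lightsail API assigns, presumably any address; neither the schema nor the one-line docs entry (`List of CIDR blocks.`) tells the user that. I would add a `Description` here and extend the docs line to name the effective default. It is also declared as `schema.TypeList` while both helpers re-sort the values, which suggests order carries no meaning; `Type: schema.TypeSet` would express that directly. `validateCIDRNetworkAddress` does not look IPv4-specific by name, so if this API field only takes IPv4 ranges an IPv4-only validator (if the provider has one) would reject bad input at plan time instead of at apply. The schema function starts and ends outside the hunk.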
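Review bot: In `expandLightsailPortInfo` the loop converts each element with a bare `v.(string)`, which panics if a list element arrives as nil; the comma-ok form, `if s, ok := v.(string); ok && s != "" { apiObject.Cidrs = append(apiObject.Cidrs, aws.String(s)) }`, skips such entries instead. The `sort.Slice` that follows only reorders the request payload, and with `>` it sorts by descending string bytes rather than by address, so it deserves a comment such as `// descending lexical order; must match flattenLightsailInstancePortState` or can be dropped if the API ignores order. Note that an empty list leaves `apiObject.Cidrs` nil, so the rule is sent with no source restriction at all. The function begins outside the hunk.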
@@ -192,6 +211,12 @@ func flattenLightsailInstancePortState(apiObject *lightsail.InstancePortState) m
 tfMap["to_port"] = aws.Int64Value(apiObject.ToPort)
 tfMap["protocol"] = aws.StringValue(apiObject.Protocol)
+ cidrs := apiObject.Cidrs
+ sort.Slice(cidrs, func(i, j int) bool {
+ return *cidrs[i] > *cidrs[j]
+ })
+ tfMap["cidrs"] = aws.StringValueSlice(cidrs)
+
 return tfMap
 }
diff --git a/aws/resource_aws_lightsail_instance_public_ports_test.go b/aws/resource_aws_lightsail_instance_public_ports_test.go
index d22363706e16..5907a45c526f 100644
--- a/aws/resource_aws_lightsail_instance_public_ports_test.go
+++ b/aws/resource_aws_lightsail_instance_public_ports_test.go
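Review bot: `flattenLightsailInstancePortState` always writes `cidrs` to state in descending string order, but the attribute is a `TypeList`, so a configuration that lists the same blocks in any other order would, as far as the visible code shows, differ from state on every plan. `cidrs := apiObject.Cidrs` also aliases the API response slice, so `sort.Slice` reorders the caller's data in place, and `*cidrs[i]` dereferences each element without a nil check. Converting first with `vals := aws.StringValueSlice(apiObject.Cidrs)` and sorting `vals` avoids both problems; making the attribute a set removes the need to sort. The function starts outside the hunk.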
@@ -71,6 +71,36 @@ func TestAccAWSLightsailInstancePublicPorts_multiple(t *testing.T) {
 })
 }
+func TestAccAWSLightsailInstancePublicPorts_cidrs(t *testing.T) {
+ rName := acctest.RandomWithPrefix("tf-acc-test")
+ resourceName := "aws_lightsail_instance_public_ports.test"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() {
+ testAccPreCheck(t)
+ testAccPartitionHasServicePreCheck(lightsail.EndpointsID, t)
+ testAccPreCheckAWSLightsail(t)
+ },
+ ErrorCheck: testAccErrorCheck(t, lightsail.EndpointsID),
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSLightsailInstancePublicPortsDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAWSLightsailInstancePublicPortsConfig_cidrs(rName),
+ Check: resource.ComposeAggregateTestCheckFunc(
+ testAccCheckAWSLightsailInstancePublicPortsExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "port_info.#", "1"),
+ resource.TestCheckResourceAttr(resourceName, "port_info.0.protocol", "tcp"),
+ resource.TestCheckResourceAttr(resourceName, "port_info.0.from_port", "125"),
+ resource.TestCheckResourceAttr(resourceName, "port_info.0.to_port", "125"),
+ resource.TestCheckResourceAttr(resourceName, "port_info.0.cidrs.0", "192.168.1.0/24"),
+ resource.TestCheckResourceAttr(resourceName, "port_info.0.cidrs.1", "1.1.1.1/32"),
+ ),
+ },
+ },
+ })
+}
+
 func testAccCheckAWSLightsailInstancePublicPortsExists(resourceName string) resource.TestCheckFunc {
 return func(s *terraform.State) error {
 rs, ok := s.RootModule().Resources[resourceName]
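Review bot: `TestAccAWSLightsailInstancePublicPorts_cidrs` cannot catch an ordering mismatch between configuration and state, because the expected values `cidrs.0 = "192.168.1.0/24"` and `cidrs.1 = "1.1.1.1/32"` are already in the descending order the flatten helper produces, matching the order written in the test configuration. I would add a second case with the two blocks reversed in the configuration, followed by a step such as `{Config: testAccAWSLightsailInstancePublicPortsConfig_cidrs(rName), PlanOnly: true}` to assert that a re-plan is empty. A step that omits `cidrs` and checks the computed value would also pin down what range an unrestricted rule ends up with.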
@@ -189,3 +219,34 @@ resource "aws_lightsail_instance_public_ports" "test" {
 }
 `, rName)
 }
+
+func testAccAWSLightsailInstancePublicPortsConfig_cidrs(rName string) string {
+ return fmt.Sprintf(`
+data "aws_availability_zones" "available" {
+ state = "available"
+
+ filter {
+ name = "opt-in-status"
+ values = ["opt-in-not-required"]
+ }
+}
+
+resource "aws_lightsail_instance" "test" {
+ name = %[1]q
+ availability_zone = data.aws_availability_zones.available.names[0]
+ blueprint_id = "amazon_linux"
+ bundle_id = "nano_1_0"
+}
+
+resource "aws_lightsail_instance_public_ports" "test" {
+ instance_name = aws_lightsail_instance.test.name
+
+ port_info {
+ protocol = "tcp"
+ from_port = 125
+ to_port = 125
+ cidrs = ["192.168.1.0/24", "1.1.1.1/32"]
+ }
+}
+`, rName)
+}
diff --git a/website/docs/r/lightsail_instance_public_ports.html.markdown b/website/docs/r/lightsail_instance_public_ports.html.markdown
index 320f7d51957b..c2bbc343363a 100644
--- a/website/docs/r/lightsail_instance_public_ports.html.markdown
+++ b/website/docs/r/lightsail_instance_public_ports.html.markdown
@@ -47,6 +47,7 @@ The following arguments are required:
 * `from_port` - (Required) First port in a range of open ports on an instance.
 * `protocol` - (Required) IP protocol name. Valid values are `tcp`, `all`, `udp`, and `icmp`.
 * `to_port` - (Required) Last port in a range of open ports on an instance.
+* `cidrs` - (Optional) List of CIDR blocks.
 ## Attributes Reference