Added ipv6 suppport to SG

Author: csnitker-godaddy

internal/alb/sg/security_group.go

@@ -105,6 +105,12 @@ func ipPermissionEquals(source *ec2.IpPermission, target *ec2.IpPermission) bool
 	if len(diffIPRanges(target.IpRanges, source.IpRanges)) != 0 {
 		return false
 	}
+	if len(diffIPv6Ranges(source.Ipv6Ranges, target.Ipv6Ranges)) != 0 {
+		return false
+	}
+	if len(diffIPv6Ranges(target.Ipv6Ranges, source.Ipv6Ranges)) != 0 {
+		return false
+	}
 	if len(diffUserIDGroupPairs(source.UserIdGroupPairs, target.UserIdGroupPairs)) != 0 {
 		return false
 	}
@@ -115,12 +121,29 @@ func ipPermissionEquals(source *ec2.IpPermission, target *ec2.IpPermission) bool
 	return true
 }
 
+// diffIPv6Ranges calculates set_difference as source - target
+func diffIPv6Ranges(source []*ec2.Ipv6Range, target []*ec2.Ipv6Range) (diffs []*ec2.Ipv6Range) {
+	for _, sRange := range source {
+		containsInTarget := false
+		for _, tRange := range target {
+			if ipRangeEquals(sRange.CidrIpv6, tRange.CidrIpv6) {
+				containsInTarget = true
+				break
+			}
+		}
+		if !containsInTarget {
+			diffs = append(diffs, sRange)
+		}
+	}
+	return diffs
+}
+
 // diffIPRanges calculates set_difference as source - target
 func diffIPRanges(source []*ec2.IpRange, target []*ec2.IpRange) (diffs []*ec2.IpRange) {
 	for _, sRange := range source {
 		containsInTarget := false
 		for _, tRange := range target {
-			if ipRangeEquals(sRange, tRange) {
+			if ipRangeEquals(sRange.CidrIp, tRange.CidrIp) {
 				containsInTarget = true
 				break
 			}
@@ -133,8 +156,8 @@ func diffIPRanges(source []*ec2.IpRange, target []*ec2.IpRange) (diffs []*ec2.Ip
 }
 
 // ipRangeEquals test whether two IPRange instance are equals
-func ipRangeEquals(source *ec2.IpRange, target *ec2.IpRange) bool {
-	return aws.StringValue(source.CidrIp) == aws.StringValue(target.CidrIp)
+func ipRangeEquals(source *string, target *string) bool {
+	return aws.StringValue(source) == aws.StringValue(target)
 }
 
 // diffUserIDGroupPairs calculates set_difference as source - target

internal/alb/sg/security_group_test.go

@@ -390,6 +390,11 @@ func TestDiffIPPermissions(t *testing.T) {
 							CidrIp: aws.String("192.168.1.1/32"),
 						},
 					},
+					Ipv6Ranges: []*ec2.Ipv6Range{
+						{
+							CidrIpv6: aws.String("::/0"),
+						},
+					},
 					UserIdGroupPairs: []*ec2.UserIdGroupPair{
 						{
 							GroupId: aws.String("groupA"),
@@ -398,6 +403,69 @@ func TestDiffIPPermissions(t *testing.T) {
 				},
 			},
 			target: []*ec2.IpPermission{},
+			expectedDiffs: []*ec2.IpPermission{
+				{
+					IpProtocol: aws.String("tcp"),
+					FromPort:   aws.Int64(80),
+					ToPort:     aws.Int64(81),
+					IpRanges: []*ec2.IpRange{
+						{
+							CidrIp: aws.String("192.168.1.1/32"),
+						},
+					},
+					Ipv6Ranges: []*ec2.Ipv6Range{
+						{
+							CidrIpv6: aws.String("::/0"),
+						},
+					},
+					UserIdGroupPairs: []*ec2.UserIdGroupPair{
+						{
+							GroupId: aws.String("groupA"),
+						},
+					},
+				},
+			},
+		},
+		{
+			source: []*ec2.IpPermission{
+				{
+					IpProtocol: aws.String("tcp"),
+					FromPort:   aws.Int64(80),
+					ToPort:     aws.Int64(81),
+					IpRanges: []*ec2.IpRange{
+						{
+							CidrIp: aws.String("192.168.1.1/32"),
+						},
+					},
+					UserIdGroupPairs: []*ec2.UserIdGroupPair{
+						{
+							GroupId: aws.String("groupA"),
+						},
+					},
+				},
+			},
+			target: []*ec2.IpPermission{
+				{
+					IpProtocol: aws.String("tcp"),
+					FromPort:   aws.Int64(80),
+					ToPort:     aws.Int64(81),
+					IpRanges: []*ec2.IpRange{
+						{
+							CidrIp: aws.String("192.168.1.1/32"),
+						},
+					},
+					Ipv6Ranges: []*ec2.Ipv6Range{
+						{
+							CidrIpv6: aws.String("::/0"),
+						},
+					},
+					UserIdGroupPairs: []*ec2.UserIdGroupPair{
+						{
+							GroupId: aws.String("groupA"),
+						},
+					},
+				},
+			},
 			expectedDiffs: []*ec2.IpPermission{
 				{
 					IpProtocol: aws.String("tcp"),