rebased and addressed review feedback

hashicorp · Jul 15, 2020 · 0297e0a · 0297e0a
1 parent 50125f3
commit 0297e0a
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 60 deletions.
diff --git a/aws/import_aws_security_group.go b/aws/import_aws_security_group.go
diff --git a/aws/resource_aws_security_group.go b/aws/resource_aws_security_group.go
@@ -29,7 +29,7 @@ func resourceAwsSecurityGroup() *schema.Resource {
 		Update: resourceAwsSecurityGroupUpdate,
 		Delete: resourceAwsSecurityGroupDelete,
 		Importer: &schema.ResourceImporter{
-			State: resourceAwsSecurityGroupImportState,
+			State: schema.ImportStatePassthrough,
 		},
 
 		Timeouts: &schema.ResourceTimeout{
@@ -383,8 +383,9 @@ func resourceAwsSecurityGroupRead(d *schema.ResourceData, meta interface{}) erro
 	d.Set("arn", sgArn.String())
 	d.Set("description", sg.Description)
 	d.Set("name", sg.GroupName)
-	d.Set("vpc_id", sg.VpcId)
+	d.Set("name_prefix", aws.StringValue(naming.NamePrefixFromName(aws.StringValue(sg.GroupName))))
 	d.Set("owner_id", sg.OwnerId)
+	d.Set("vpc_id", sg.VpcId)
 
 	if err := d.Set("ingress", ingressRules); err != nil {
 		log.Printf("[WARN] Error setting Ingress rule set for (%s): %s", d.Id(), err)

diff --git a/aws/resource_aws_security_group_test.go b/aws/resource_aws_security_group_test.go
@@ -1584,15 +1584,13 @@ func TestAccAWSSecurityGroup_drift(t *testing.T) {
 				),
 			},
 			{
-				ResourceName:     resourceName,
-				ImportState:      true,
-				ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(1),
-				// Below checks commented out, but will check state count.
+				ResourceName: resourceName,
+				ImportState:  true,
 				// In rules with cidr_block drift, import only creates a single ingress
 				// rule with the cidr_blocks de-normalized. During subsequent apply, its
 				// normalized to create the 2 ingress rules seen in checks above.
-				//ImportStateVerify:       true,
-				//ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"},
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"revoke_rules_on_delete", "ingress", "egress"},
 			},
 		},
 	})
@@ -1663,15 +1661,13 @@ func TestAccAWSSecurityGroup_driftComplex(t *testing.T) {
 				),
 			},
 			{
-				ResourceName:     resourceName,
-				ImportState:      true,
-				ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(1),
-				// Below checks commented out, but will check state count.
+				ResourceName: resourceName,
+				ImportState:  true,
 				// In rules with cidr_block drift, import only creates a single ingress
 				// rule with the cidr_blocks de-normalized. During subsequent apply, its
 				// normalized to create the 2 ingress rules seen in checks above.
-				//ImportStateVerify:       true,
-				//ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"},
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"revoke_rules_on_delete", "ingress", "egress"},
 			},
 		},
 	})
@@ -1966,15 +1962,6 @@ func TestAccAWSSecurityGroup_ipv4andipv6Egress(t *testing.T) {
 	})
 }
 
-func testAccAWSSecurityGroupImportStateCheckFunc(expectedStates int) resource.ImportStateCheckFunc {
-	return func(s []*terraform.InstanceState) error {
-		if len(s) != expectedStates {
-			return fmt.Errorf("expected %d states, got %d: %#v", expectedStates, len(s), s)
-		}
-		return nil
-	}
-}
-
 func testAccAWSSecurityGroupCheckVPCIDExists(group *ec2.SecurityGroup) resource.TestCheckFunc {
 	return func(*terraform.State) error {
 		if *group.VpcId == "" {

diff --git a/website/docs/guides/version-3-upgrade.html.md b/website/docs/guides/version-3-upgrade.html.md
@@ -29,6 +29,7 @@ Upgrade topics:
 - [Resource: aws_lb_listener_rule](#resource-aws_lb_listener_rule)
 - [Resource: aws_msk_cluster](#resource-aws_msk_cluster)
 - [Resource: aws_s3_bucket](#resource-aws_s3_bucket)
+- [Resource: aws_security_group](#resource-aws_security_group)
 - [Resource: aws_sns_platform_application](#resource-aws_sns_platform_application)
 - [Resource: aws_spot_fleet_request](#resource-aws_spot_fleet_request)
 
@@ -455,6 +456,12 @@ resource "aws_s3_bucket" "example" {
 }
 ```
 
+## Resource: aws_security_group
+
+### Removal of Automatic aws_security_group_rule Import
+
+Previously when importing the `aws_security_group` resource with the [`terraform import` command](/docs/commands/import.html), the Terraform AWS Provider would automatically attempt to import an associated `aws_security_group_rule` resource(s) as well. This automatic resource import has been removed. Use the [`aws_security_group_rule` resource import](/docs/providers/aws/r/security_group_rule.html#import) to import those resources separately.
+
 ## Resource: aws_sns_platform_application
 
 ### platform_credential and platform_principal Arguments No Longer Stored as SHA256 Hash