From 0297e0af993c64a6a3ebff12a0572bfa4abc9d6a Mon Sep 17 00:00:00 2001
From: "sathija.x.pavuluri"
Date: Tue, 14 Jul 2020 19:24:25 -0400
Subject: [PATCH] rebased and addressed review feedback
---
aws/import_aws_security_group.go | 37 -------------------
aws/resource_aws_security_group.go | 5 ++-
aws/resource_aws_security_group_test.go | 29 ++++-----------
website/docs/guides/version-3-upgrade.html.md | 7 ++++
4 files changed, 18 insertions(+), 60 deletions(-)
delete mode 100644 aws/import_aws_security_group.go
diff --git a/aws/import_aws_security_group.go b/aws/import_aws_security_group.go
deleted file mode 100644
index ea28bb8d35d..00000000000
--- a/aws/import_aws_security_group.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package aws
-
-import (
- "fmt"
-
- "github.com/aws/aws-sdk-go/aws"
- "github.com/aws/aws-sdk-go/service/ec2"
- "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
- "github.com/terraform-providers/terraform-provider-aws/aws/internal/naming"
-)
-
-func resourceAwsSecurityGroupImportState(
- d *schema.ResourceData,
- meta interface{}) ([]*schema.ResourceData, error) {
- conn := meta.(*AWSClient).ec2conn
-
- // First query the security group
- sgRaw, _, err := SGStateRefreshFunc(conn, d.Id())()
- if err != nil {
- return nil, err
- }
- if sgRaw == nil {
- return nil, fmt.Errorf("security group not found")
- }
- sg := sgRaw.(*ec2.SecurityGroup)
-
- // Perform nil check to avoid ImportStateVerify difference when unconfigured
- if namePrefix := naming.NamePrefixFromName(aws.StringValue(sg.GroupName)); namePrefix != nil {
- d.Set("name_prefix", namePrefix)
- }
-
- // Start building our results
- results := make([]*schema.ResourceData, 1)
- results[0] = d
-
- return results, nil
-}
diff --git a/aws/resource_aws_security_group.go b/aws/resource_aws_security_group.go
index b35e4bcc6b3..ca74d528d77 100644
--- a/aws/resource_aws_security_group.go
+++ b/aws/resource_aws_security_group.go
@@ -29,7 +29,7 @@ func resourceAwsSecurityGroup() *schema.Resource { Update: resourceAwsSecurityGroupUpdate, Delete: resourceAwsSecurityGroupDelete, Importer: &schema.ResourceImporter{ - State: resourceAwsSecurityGroupImportState, + State: schema.ImportStatePassthrough, }, Timeouts: &schema.ResourceTimeout{ @@ -383,8 +383,9 @@ func resourceAwsSecurityGroupRead(d *schema.ResourceData, meta interface{}) erro d.Set("arn", sgArn.String()) d.Set("description", sg.Description) d.Set("name", sg.GroupName) - d.Set("vpc_id", sg.VpcId) + d.Set("name_prefix", aws.StringValue(naming.NamePrefixFromName(aws.StringValue(sg.GroupName)))) d.Set("owner_id", sg.OwnerId) + d.Set("vpc_id", sg.VpcId) if err := d.Set("ingress", ingressRules); err != nil { log.Printf("[WARN] Error setting Ingress rule set for (%s): %s", d.Id(), err) diff --git a/aws/resource_aws_security_group_test.go b/aws/resource_aws_security_group_test.go index e7df19df943..5bf81a2a4a5 100644 --- a/aws/resource_aws_security_group_test.go +++ b/aws/resource_aws_security_group_test.go @@ -1584,15 +1584,13 @@ func TestAccAWSSecurityGroup_drift(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(1), - // Below checks commented out, but will check state count. + ResourceName: resourceName, + ImportState: true, // In rules with cidr_block drift, import only creates a single ingress // rule with the cidr_blocks de-normalized. During subsequent apply, its // normalized to create the 2 ingress rules seen in checks above. - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete", "ingress", "egress"}, }, }, }) 
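Review bot: The added `d.Set("name_prefix", ...)` line in resourceAwsSecurityGroupRead loses the nil guard that the deleted importer carried (its comment read "Perform nil check to avoid ImportStateVerify difference when unconfigured"): `aws.StringValue` turns a nil result from `naming.NamePrefixFromName` into `""`, and the value is now derived from the group name on every refresh instead of once at import. If `name_prefix` is ForceNew in the schema, which this hunk does not show, a derived prefix that disagrees with the configuration would plan a replacement of the security group, so that case deserves an acceptance test. The line would also benefit from a comment such as `// name_prefix is inferred from the group name; "" when NamePrefixFromName returns nil`, and its error return is ignored like the neighbouring `d.Set` calls. The function starts and ends outside the hunk.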
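Review bot: Adding "ingress" and "egress" to `ImportStateVerifyIgnore` in the import step of TestAccAWSSecurityGroup_drift means the rules, the part of a security group that decides which traffic is allowed, are no longer compared after import, and the removed `ImportStateCheck` is not replaced by anything that looks at them. The retained comment only explains the ingress de-normalization, so if egress round-trips cleanly the list could be `[]string{"revoke_rules_on_delete", "ingress"}`; otherwise the comment should say why egress is skipped as well. The same applies to the import step in TestAccAWSSecurityGroup_driftComplex. Both test functions start outside their hunks.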
@@ -1663,15 +1661,13 @@ func TestAccAWSSecurityGroup_driftComplex(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(1), - // Below checks commented out, but will check state count. + ResourceName: resourceName, + ImportState: true, // In rules with cidr_block drift, import only creates a single ingress // rule with the cidr_blocks de-normalized. During subsequent apply, its // normalized to create the 2 ingress rules seen in checks above. - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete", "ingress", "egress"}, }, }, }) @@ -1966,15 +1962,6 @@ func TestAccAWSSecurityGroup_ipv4andipv6Egress(t *testing.T) { }) } -func testAccAWSSecurityGroupImportStateCheckFunc(expectedStates int) resource.ImportStateCheckFunc { - return func(s []*terraform.InstanceState) error { - if len(s) != expectedStates { - return fmt.Errorf("expected %d states, got %d: %#v", expectedStates, len(s), s) - } - return nil - } -} - func testAccAWSSecurityGroupCheckVPCIDExists(group *ec2.SecurityGroup) resource.TestCheckFunc { return func(*terraform.State) error { if *group.VpcId == "" { diff --git a/website/docs/guides/version-3-upgrade.html.md b/website/docs/guides/version-3-upgrade.html.md index 99c3bb87349..e736efec440 100644 --- a/website/docs/guides/version-3-upgrade.html.md +++ b/website/docs/guides/version-3-upgrade.html.md @@ -29,6 +29,7 @@ Upgrade topics: - [Resource: aws_lb_listener_rule](#resource-aws_lb_listener_rule) - [Resource: aws_msk_cluster](#resource-aws_msk_cluster) - [Resource: aws_s3_bucket](#resource-aws_s3_bucket) +- [Resource: aws_security_group](#resource-aws_security_group) - [Resource: aws_sns_platform_application](#resource-aws_sns_platform_application) - [Resource: aws_spot_fleet_request](#resource-aws_spot_fleet_request) 
@@ -455,6 +456,12 @@ resource "aws_s3_bucket" "example" { } ``` +## Resource: aws_security_group + +### Removal of Automatic aws_security_group_rule Import + +Previously when importing the `aws_security_group` resource with the [`terraform import` command](/docs/commands/import.html), the Terraform AWS Provider would automatically attempt to import an associated `aws_security_group_rule` resource(s) as well. This automatic resource import has been removed. Use the [`aws_security_group_rule` resource import](/docs/providers/aws/r/security_group_rule.html#import) to import those resources separately. + ## Resource: aws_sns_platform_application ### platform_credential and platform_principal Arguments No Longer Stored as SHA256 Hash