provider/aws: fix aws_security_group_rule refresh (#6730)
When two rules differ only in source security group, EC2 APIs return
them as a single rule, but Terraform requires separate
aws_security_group_rule resources.

6bdab07 changed Read to set source_security_group_id (and
cidr_blocks) from the rule returned from EC2 and chose the first
source_security_group_id arbitrarily, which is wrong.

Makes TestAccAWSSecurityGroupRule_PartialMatching_Source pass again.

Also adds a comment noting that there is a bug in the new resource
importing feature.

Fixes #6728.
glasser authored and catsby committed May 25, 2016
1 parent f891ab8 commit b342544
Showing 2 changed files with 4 additions and 1 deletion.
3 changes: 3 additions & 0 deletions builtin/providers/aws/import_aws_security_group.go
Expand Up @@ -49,6 +49,9 @@ func resourceAwsSecurityGroupImportState(
d.SetType("aws_security_group_rule")
d.Set("security_group_id", sgId)
d.Set("type", ruleType)
// XXX If the rule contained more than one source security group, this
// will choose one of them. We actually need to create one rule for each
// source security group.
setFromIPPerm(d, sg, perm)
results = append(results, d)
}
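Review bot: The known gap flagged by the XXX comment above `setFromIPPerm(d, sg, perm)` is recorded only in the source, so someone importing a group whose permission lists several source security groups gets a single aws_security_group_rule in state with no sign that the other sources were dropped. The imported state then shows fewer allowed sources than EC2 actually permits. Until the loop creates one rule per source security group, as the comment says is needed, consider logging a warning at this point when that case is hit, and replace the bare XXX with a TODO that names a tracking issue so the follow-up is not lost.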
2 changes: 1 addition & 1 deletion builtin/providers/aws/resource_aws_security_group_rule.go
Expand Up @@ -240,7 +240,7 @@ func resourceAwsSecurityGroupRuleRead(d *schema.ResourceData, meta interface{})
log.Printf("[DEBUG] Found rule for Security Group Rule (%s): %s", d.Id(), rule)

d.Set("type", ruleType)
setFromIPPerm(d, sg, rule)
setFromIPPerm(d, sg, p)
return nil
}
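Review bot: The switch from `rule` to `p` in the `setFromIPPerm` call has no comment, and nothing in the visible context says what `p` holds, so the line reads like a typo that a later cleanup could revert. Add a short comment at the call saying why state is populated from `p` rather than from the matched `rule` (the commit message's point that EC2 merges rules differing only in source security group). Note also that the debug log two lines up still prints `rule`, so the logged value and the value written to state can now differ; logging `p` as well would make a refresh mismatch easier to diagnose.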
