provider/aws: Fix issue with updating VPC Security Group IDs for an Instance

Currently, we weren't correctly setting the ids, and are setting both
`security_groups` and `vpc_security_group_ids`. As a result, we really only use
the former.

We also don't actually update the latter in the `update` method.

This PR fixes both issues, correctly reading `security_groups` vs.
`vpc_security_group_ids` and allows users to update the latter without
destroying the Instance when in a VPC.
This commit is contained in:
Clint Shryock 2015-04-21 17:07:30 -05:00
parent fa85e6b769
commit 036d199dd6
2 changed files with 33 additions and 7 deletions

View File

@ -358,10 +358,11 @@ func resourceAwsInstanceCreate(d *schema.ResourceData, meta interface{}) error {
// Security group names.
// For a nondefault VPC, you must use security group IDs instead.
// See http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html
if hasSubnet {
sgs := v.(*schema.Set).List()
if len(sgs) > 0 && hasSubnet {
log.Printf("[WARN] Deprecated. Attempting to use 'security_groups' within a VPC instance. Use 'vpc_security_group_ids' instead.")
}
for _, v := range v.(*schema.Set).List() {
for _, v := range sgs {
str := v.(string)
groups = append(groups, aws.String(str))
}
@ -620,11 +621,15 @@ func resourceAwsInstanceRead(d *schema.ResourceData, meta interface{}) error {
// IDs, we use IDs.
useID := instance.SubnetID != nil && *instance.SubnetID != ""
if v := d.Get("security_groups"); v != nil {
match := false
for _, v := range v.(*schema.Set).List() {
if strings.HasPrefix(v.(string), "sg-") {
match = true
break
match := useID
sgs := v.(*schema.Set).List()
if len(sgs) > 0 {
match = false
for _, v := range v.(*schema.Set).List() {
if strings.HasPrefix(v.(string), "sg-") {
match = true
break
}
}
}
@ -677,6 +682,23 @@ func resourceAwsInstanceUpdate(d *schema.ResourceData, meta interface{}) error {
}
}
if d.HasChange("vpc_security_group_ids") {
var groups []*string
if v := d.Get("vpc_security_group_ids"); v != nil {
for _, v := range v.(*schema.Set).List() {
groups = append(groups, aws.String(v.(string)))
}
}
_, err := conn.ModifyInstanceAttribute(&ec2.ModifyInstanceAttributeInput{
InstanceID: aws.String(d.Id()),
Groups: groups,
})
if err != nil {
return err
}
}
// TODO(mitchellh): wait for the attributes we modified to
// persist the change...

View File

@ -316,6 +316,10 @@ func TestAccAWSInstance_NetworkInstanceVPCSecurityGroupIDs(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists(
"aws_instance.foo_instance", &v),
resource.TestCheckResourceAttr(
"aws_instance.foo_instance", "security_groups.#", "0"),
resource.TestCheckResourceAttr(
"aws_instance.foo_instance", "vpc_security_group_ids.#", "1"),
),
},
},