provider/aws: Fix issue with updating VPC Security Group IDs for an Instance
Currently, we aren't correctly setting the IDs, and we are setting both `security_groups` and `vpc_security_group_ids`. As a result, we really only use the former. We also don't actually update the latter in the `update` method. This PR fixes both issues: it correctly reads `security_groups` vs. `vpc_security_group_ids`, and it allows users to update the latter without destroying the Instance when in a VPC.
parent
fa85e6b769
commit
036d199dd6
|
@ -358,10 +358,11 @@ func resourceAwsInstanceCreate(d *schema.ResourceData, meta interface{}) error {
|
|||
// Security group names.
|
||||
// For a nondefault VPC, you must use security group IDs instead.
|
||||
// See http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html
|
||||
if hasSubnet {
|
||||
sgs := v.(*schema.Set).List()
|
||||
if len(sgs) > 0 && hasSubnet {
|
||||
log.Printf("[WARN] Deprecated. Attempting to use 'security_groups' within a VPC instance. Use 'vpc_security_group_ids' instead.")
|
||||
}
|
||||
for _, v := range v.(*schema.Set).List() {
|
||||
for _, v := range sgs {
|
||||
str := v.(string)
|
||||
groups = append(groups, aws.String(str))
|
||||
}
|
||||
|
@ -620,11 +621,15 @@ func resourceAwsInstanceRead(d *schema.ResourceData, meta interface{}) error {
|
|||
// IDs, we use IDs.
|
||||
useID := instance.SubnetID != nil && *instance.SubnetID != ""
|
||||
if v := d.Get("security_groups"); v != nil {
|
||||
match := false
|
||||
for _, v := range v.(*schema.Set).List() {
|
||||
if strings.HasPrefix(v.(string), "sg-") {
|
||||
match = true
|
||||
break
|
||||
match := useID
|
||||
sgs := v.(*schema.Set).List()
|
||||
if len(sgs) > 0 {
|
||||
match = false
|
||||
for _, v := range v.(*schema.Set).List() {
|
||||
if strings.HasPrefix(v.(string), "sg-") {
|
||||
match = true
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -677,6 +682,23 @@ func resourceAwsInstanceUpdate(d *schema.ResourceData, meta interface{}) error {
|
|||
}
|
||||
}
|
||||
|
||||
if d.HasChange("vpc_security_group_ids") {
|
||||
var groups []*string
|
||||
if v := d.Get("vpc_security_group_ids"); v != nil {
|
||||
for _, v := range v.(*schema.Set).List() {
|
||||
groups = append(groups, aws.String(v.(string)))
|
||||
}
|
||||
}
|
||||
_, err := conn.ModifyInstanceAttribute(&ec2.ModifyInstanceAttributeInput{
|
||||
InstanceID: aws.String(d.Id()),
|
||||
Groups: groups,
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// TODO(mitchellh): wait for the attributes we modified to
|
||||
// persist the change...
|
||||
|
||||
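Review bot: The new `vpc_security_group_ids` branch in resourceAwsInstanceUpdate calls ModifyInstanceAttribute even when the set is empty, so `Groups` is nil and the request carries no attribute to change. EC2 requires at least one security group on a VPC instance, so that call can only fail, and with an unhelpful API error. Because this call rewrites the instance's network access rules, I would fail early and clearly, e.g. `if len(groups) == 0 { return fmt.Errorf("vpc_security_group_ids must contain at least one security group ID") }` (assuming `fmt` is already imported in this file), and wrap the returned API error with the instance ID. The `v.(string)` assertion is unchecked, which is safe only if the schema declares string elements; the schema is not visible here. The function body starts and continues outside the hunk.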
|
|
|
@ -316,6 +316,10 @@ func TestAccAWSInstance_NetworkInstanceVPCSecurityGroupIDs(t *testing.T) {
|
|||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckInstanceExists(
|
||||
"aws_instance.foo_instance", &v),
|
||||
resource.TestCheckResourceAttr(
|
||||
"aws_instance.foo_instance", "security_groups.#", "0"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"aws_instance.foo_instance", "vpc_security_group_ids.#", "1"),
|
||||
),
|
||||
},
|
||||
},
|
||||
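Review bot: The two added attribute checks only pin the element counts after create, so nothing visible here exercises the new in-place update path in resourceAwsInstanceUpdate or confirms which group ended up attached. I would add a second `resource.TestStep` whose config swaps the security group ID, plus a check that compares the group ID on the fetched instance `v` with the expected group, so a regression that silently leaves the old group attached is caught. The test function starts and ends outside the hunk.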
|
|