Differenciate security groups in VPC and in non VPC env

2015-03-07 17:04:53 +11:00 · 2015-03-07 17:04:53 +11:00 · 18c3042c47
parent e32ad9e3ae
commit 18c3042c47
1 changed files with 38 additions and 4 deletions
--- a/builtin/providers/aws/resource_aws_instance.go
+++ b/builtin/providers/aws/resource_aws_instance.go
@ -101,6 +101,16 @@ func resourceAwsInstance() *schema.Resource {
 				},
 			},

+			"vpc_security_groups_ids": &schema.Schema{
+				Type:     schema.TypeSet,
+				Optional: true,
+				Computed: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Set: func(v interface{}) int {
+					return hashcode.String(v.(string))
+				},
+			},
+
 			"public_dns": &schema.Schema{
 				Type:     schema.TypeString,
 				Computed: true,
@ -282,10 +292,17 @@ func resourceAwsInstanceCreate(d *schema.ResourceData, meta interface{}) error {
 	}

 	if v := d.Get("security_groups"); v != nil {
+		if runOpts.SubnetId != "" {
+			log.Printf(
+				"[WARN] Deprecated. Attempting to use 'security_groups' within a VPC instance. Use 'vpc_security_group_ids' instead."
+			)
+		}
+
 		for _, v := range v.(*schema.Set).List() {
 			str := v.(string)

 			var g ec2.SecurityGroup
+			// Deprecated, stop using the subnet ID here
 			if runOpts.SubnetId != "" {
 				g.Id = str
 			} else {
@ -296,6 +313,17 @@ func resourceAwsInstanceCreate(d *schema.ResourceData, meta interface{}) error {
 		}
 	}

+	if v := d.Get("vpc_security_group_ids"); v != nil {
+		for _, v := range v.(*schema.Set).List() {
+			str := v.(string)
+
+			var g ec2.SecurityGroup
+			g.Id = str
+
+			runOpts.SecurityGroups = append(runOpts.SecurityGroups, g)
+		}
+	}
+
 	blockDevices := make([]interface{}, 0)

 	if v := d.Get("block_device"); v != nil {
@ -431,7 +459,9 @@ func resourceAwsInstanceRead(d *schema.ResourceData, meta interface{}) error {
 	// we use IDs if we're in a VPC. However, if we previously had an
 	// all-name list of security groups, we use names. Or, if we had any
 	// IDs, we use IDs.
+	// TODO: check the VPC ID instead?
 	useID := instance.SubnetId != ""
+	// Deprecated: vpc security groups should be defined in vpc_security_group_ids
 	if v := d.Get("security_groups"); v != nil {
 		match := false
 		for _, v := range v.(*schema.Set).List() {
@ -446,14 +476,18 @@ func resourceAwsInstanceRead(d *schema.ResourceData, meta interface{}) error {

 	// Build up the security groups
 	sgs := make([]string, len(instance.SecurityGroups))
-	for i, sg := range instance.SecurityGroups {
-		if useID {
+
+	if useID {
+		for i, sg := range instance.SecurityGroups {
 			sgs[i] = sg.Id
-		} else {
+		}
+		d.Set("vpc_security_group_ids", sgs)
+	} else {
+		for i, sg := range instance.SecurityGroups {
 			sgs[i] = sg.Name
 		}
+		d.Set("security_groups", sgs)
 	}
-	d.Set("security_groups", sgs)

 	blockDevices := make(map[string]ec2.BlockDevice)
 	for _, bd := range instance.BlockDevices {