revise tests and check for vpc_id

builtin/providers/aws/resource_aws_security_group.go

@@ -148,7 +148,7 @@ func resourceAwsSecurityGroupCreate(d *schema.ResourceData, meta interface{}) er
 
         securityGroupOpts := &ec2.CreateSecurityGroupInput{}
 
-        if v := d.Get("vpc_id"); v != nil {
+        if v, ok := d.GetOk("vpc_id"); ok {
                 if len(d.Get("egress").(*schema.Set).List()) == 0 {
                         return fmt.Errorf("Error creating Security Group: Security groups inside a VPC require an egress rule. See http://terraform.io/docs/providers/aws/r/security_group.html for more information.")
                 }
@@ -189,7 +189,9 @@ func resourceAwsSecurityGroupCreate(d *schema.ResourceData, meta interface{}) er
 		Refresh: SGStateRefreshFunc(conn, d.Id()),
 		Timeout: 1 * time.Minute,
 	}
-	if _, err := stateConf.WaitForState(); err != nil {
+
+        resp, err := stateConf.WaitForState()
+        if err != nil {
 		return fmt.Errorf(
 			"Error waiting for Security Group (%s) to become available: %s",
 			d.Id(), err)
@@ -197,7 +199,8 @@ func resourceAwsSecurityGroupCreate(d *schema.ResourceData, meta interface{}) er
 
         // AWS defaults all Security Groups to have an ALLOW ALL egress rule. Here we
         // revoke that rule, so users don't unknowningly have/use it.
-        if v := d.Get("vpc_id"); v != nil {
+        group := resp.(*ec2.SecurityGroup)
+        if group.VPCID != nil && *group.VPCID != "" {
                 log.Printf("[DEBUG] Revoking default egress rule for Security Group for %s", d.Id())
 
                 req := &ec2.RevokeSecurityGroupEgressInput{

builtin/providers/aws/resource_aws_security_group_test.go

@@ -216,6 +216,7 @@ func TestAccAWSSecurityGroup_generatedName(t *testing.T) {
 
 func TestAccAWSSecurityGroup_DefaultEgress(t *testing.T) {
 
+        // VPC
         resource.Test(t, resource.TestCase{
                 PreCheck:     func() { testAccPreCheck(t) },
                 Providers:    testAccProviders,
@@ -229,6 +230,22 @@ func TestAccAWSSecurityGroup_DefaultEgress(t *testing.T) {
                         },
                 },
         })
+
+        // Classic
+        var group ec2.SecurityGroup
+        resource.Test(t, resource.TestCase{
+                PreCheck:     func() { testAccPreCheck(t) },
+                Providers:    testAccProviders,
+                CheckDestroy: testAccCheckAWSSecurityGroupDestroy,
+                Steps: []resource.TestStep{
+                        resource.TestStep{
+                                Config: testAccAWSSecurityGroupConfigClassic,
+                                Check: resource.ComposeTestCheckFunc(
+                                        testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group),
+                                ),
+                        },
+                },
+        })
 }
 
 func testAccCheckAWSSecurityGroupDestroy(s *terraform.State) error {
@@ -455,6 +472,13 @@ resource "aws_security_group" "web" {
     cidr_blocks = ["10.0.0.0/8"]
   }
 
+  egress {
+    protocol = "tcp"
+    from_port = 80
+    to_port = 8000
+    cidr_blocks = ["10.0.0.0/8"]
+  }
+
 	tags {
 		Name = "tf-acc-test"
 	}
@@ -479,6 +503,13 @@ resource "aws_security_group" "web" {
     to_port = 8000
     cidr_blocks = ["0.0.0.0/0", "10.0.0.0/8"]
   }
+
+  egress {
+    protocol = "tcp"
+    from_port = 80
+    to_port = 8000
+    cidr_blocks = ["10.0.0.0/8"]
+  }
 }
 `
 
@@ -493,6 +524,13 @@ resource "aws_security_group" "web" {
     to_port = 8000
     self = true
   }
+
+  egress {
+    protocol = "tcp"
+    from_port = 80
+    to_port = 8000
+    cidr_blocks = ["10.0.0.0/8"]
+  }
 }
 `
 
@@ -533,6 +571,13 @@ resource "aws_security_group" "worker" {
     to_port = 8000
     cidr_blocks = ["10.0.0.0/8"]
   }
+
+  egress {
+    protocol = "tcp"
+    from_port = 80
+    to_port = 8000
+    cidr_blocks = ["10.0.0.0/8"]
+  }
 }
 
 resource "aws_security_group" "web" {
@@ -559,6 +604,13 @@ resource "aws_security_group" "web" {
     to_port = 8000
     security_groups = ["${aws_security_group.worker.id}"]
   }
+
+  egress {
+    protocol = "tcp"
+    from_port = 80
+    to_port = 8000
+    cidr_blocks = ["10.0.0.0/8"]
+  }
 }
 `
 
@@ -574,6 +626,13 @@ resource "aws_security_group" "foo" {
     cidr_blocks = ["10.0.0.0/8"]
   }
 
+  egress {
+    protocol = "tcp"
+    from_port = 80
+    to_port = 8000
+    cidr_blocks = ["10.0.0.0/8"]
+  }
+
   tags {
     foo = "bar"
   }
@@ -592,6 +651,13 @@ resource "aws_security_group" "foo" {
     cidr_blocks = ["10.0.0.0/8"]
   }
 
+  egress {
+    protocol = "tcp"
+    from_port = 80
+    to_port = 8000
+    cidr_blocks = ["10.0.0.0/8"]
+  }
+
   tags {
     bar = "baz"
   }
@@ -607,6 +673,13 @@ resource "aws_security_group" "web" {
     cidr_blocks = ["10.0.0.0/8"]
   }
 
+  egress {
+    protocol = "tcp"
+    from_port = 80
+    to_port = 8000
+    cidr_blocks = ["10.0.0.0/8"]
+  }
+
 	tags {
 		Name = "tf-acc-test"
 	}
@@ -614,9 +687,17 @@ resource "aws_security_group" "web" {
 `
 
 const testAccAWSSecurityGroupConfigDefaultEgress = `
+resource "aws_vpc" "tf_sg_egress_test" {
+        cidr_block = "10.0.0.0/16"
+        tags {
+                Name = "tf_sg_egress_test"
+        }
+}
+
 resource "aws_security_group" "worker" {
   name = "terraform_acceptance_test_example_1"
   description = "Used in the terraform acceptance tests"
+        vpc_id = "${aws_vpc.tf_sg_egress_test.id}"
 
   egress {
     protocol = "tcp"
@@ -626,3 +707,14 @@ resource "aws_security_group" "worker" {
   }
 }
 `
+
+const testAccAWSSecurityGroupConfigClassic = `
+provider "aws" {
+  region = "us-east-1"
+}
+
+resource "aws_security_group" "web" {
+  name = "terraform_acceptance_test_example_1"
+  description = "Used in the terraform acceptance tests"
+}
+`