providers/aws: actually return ingress rule on refresh, tests

builtin/providers/aws/resource_aws_security_group.go

@@ -23,9 +23,15 @@ func resource_aws_security_group_create(
 	rs := s.MergeDiff(d)
 
 	securityGroupOpts := ec2.SecurityGroup{
-		Name:        rs.Attributes["name"],
+		Name: rs.Attributes["name"],
-		Description: rs.Attributes["description"],
+	}
-		VpcId:       rs.Attributes["vpc_id"],
+
+	if rs.Attributes["vpc_id"] != "" {
+		securityGroupOpts.VpcId = rs.Attributes["vpc_id"]
+	}
+
+	if rs.Attributes["description"] != "" {
+		securityGroupOpts.Description = rs.Attributes["description"]
 	}
 
 	log.Printf("[DEBUG] Security Group create configuration: %#v", securityGroupOpts)
@@ -118,12 +124,12 @@ func resource_aws_security_group_diff(
 		Attrs: map[string]diff.AttrType{
 			"name":        diff.AttrTypeCreate,
 			"description": diff.AttrTypeUpdate,
-			"vpc_id":      diff.AttrTypeUpdate,
 			"ingress":     diff.AttrTypeUpdate,
 		},
 
 		ComputedAttrs: []string{
 			"owner_id",
+			"vpc_id",
 		},
 	}
 
@@ -139,7 +145,7 @@ func resource_aws_security_group_update_state(
 	s.Attributes["vpc_id"] = sg.VpcId
 	s.Attributes["owner_id"] = sg.OwnerId
 
-	// Flatten our sg values
+	// Flatten our ingress values
 	toFlatten := make(map[string]interface{})
 	toFlatten["ingress"] = flattenIPPerms(sg.IPPerms)
 
@@ -192,6 +198,8 @@ func resource_aws_security_group_validation() *config.Validator {
 			"description",
 			"vpc_id",
 			"owner_id",
+			"ingress.*.cidr_blocks.*",
+			"ingress.*.security_groups.*",
 		},
 	}
 }

builtin/providers/aws/structure.go

@@ -81,6 +81,7 @@ func flattenIPPerms(list []ec2.IPPerm) []map[string]interface{} {
 		n["to_port"] = perm.ToPort
 		n["cidr_blocks"] = perm.SourceIPs
 		n["security_groups"] = flattenSecurityGroups(perm.SourceGroups)
+		result = append(result, n)
 	}
 
 	return result

builtin/providers/aws/structure_test.go

@@ -20,19 +20,19 @@ func testConf() map[string]string {
 		"availability_zones.#":         "2",
 		"availability_zones.0":         "us-east-1a",
 		"availability_zones.1":         "us-east-1b",
-		"egress.#":                     "1",
+		"ingress.#":                    "1",
-		"egress.0.protocol":            "icmp",
+		"ingress.0.protocol":           "icmp",
-		"egress.0.from_port":           "1",
+		"ingress.0.from_port":          "1",
-		"egress.0.to_port":             "-1",
+		"ingress.0.to_port":            "-1",
-		"egress.0.cidr_blocks.#":       "1",
+		"ingress.0.cidr_blocks.#":      "1",
-		"egress.0.cidr_blocks.0":       "0.0.0.0/0",
+		"ingress.0.cidr_blocks.0":      "0.0.0.0/0",
-		"egress.0.security_groups.#":   "1",
+		"ingress.0.security_groups.#":  "1",
-		"egress.0.security_groups.0":   "sg-11111",
+		"ingress.0.security_groups.0":  "sg-11111",
 	}
 }
 
 func Test_expandIPPerms(t *testing.T) {
-	expanded := flatmap.Expand(testConf(), "egress").([]interface{})
+	expanded := flatmap.Expand(testConf(), "ingress").([]interface{})
 	perms := expandIPPerms(expanded)
 	expected := ec2.IPPerm{
 		Protocol:  "icmp",
@@ -55,6 +55,35 @@ func Test_expandIPPerms(t *testing.T) {
 
 }
 
+func Test_flattenIPPerms(t *testing.T) {
+	rawIp := []ec2.IPPerm{
+		ec2.IPPerm{
+			Protocol:  "icmp",
+			FromPort:  1,
+			ToPort:    -1,
+			SourceIPs: []string{"0.0.0.0/0"},
+			SourceGroups: []ec2.UserSecurityGroup{
+				ec2.UserSecurityGroup{
+					Id: "sg-11111",
+				},
+			},
+		},
+	}
+
+	toFlatten := make(map[string]interface{})
+	toFlatten["ingress"] = flattenIPPerms(rawIp)
+
+	perms := flatmap.Flatten(toFlatten)
+
+	if perms["ingress.0.protocol"] != "icmp" {
+		t.Fatalf("bad protocol")
+	}
+
+	if perms["ingress.0.security_groups.0"] != "sg-11111" {
+		t.Fatalf("bad security group")
+	}
+}
+
 func Test_expandListeners(t *testing.T) {
 	expanded := flatmap.Expand(testConf(), "listener").([]interface{})
 	listeners := expandListeners(expanded)