diff --git a/builtin/providers/aws/resource_aws_alb.go b/builtin/providers/aws/resource_aws_alb.go index 1823ce7a3..74c65ea41 100644 --- a/builtin/providers/aws/resource_aws_alb.go +++ b/builtin/providers/aws/resource_aws_alb.go @@ -39,6 +39,7 @@ func resourceAwsAlb() *schema.Resource { "security_groups": { Type: schema.TypeSet, Elem: &schema.Schema{Type: schema.TypeString}, + Computed: true, ForceNew: true, Optional: true, Set: schema.HashString, diff --git a/builtin/providers/aws/resource_aws_alb_test.go b/builtin/providers/aws/resource_aws_alb_test.go index 929da8d77..29a20bc2c 100644 --- a/builtin/providers/aws/resource_aws_alb_test.go +++ b/builtin/providers/aws/resource_aws_alb_test.go @@ -44,6 +44,40 @@ func TestAccAWSALB_basic(t *testing.T) { }) } +// TestAccAWSALB_noSecurityGroup regression tests the issue in #8264, +// where if an ALB is created without a security group, a default one +// is assigned. +func TestAccAWSALB_noSecurityGroup(t *testing.T) { + var conf elbv2.LoadBalancer + albName := fmt.Sprintf("testaccawsalb-nosg-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + IDRefreshName: "aws_alb.alb_test", + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSALBDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSALBConfig_nosg(albName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckAWSALBExists("aws_alb.alb_test", &conf), + resource.TestCheckResourceAttr("aws_alb.alb_test", "name", albName), + resource.TestCheckResourceAttr("aws_alb.alb_test", "internal", "false"), + resource.TestCheckResourceAttr("aws_alb.alb_test", "subnets.#", "2"), + resource.TestCheckResourceAttr("aws_alb.alb_test", "security_groups.#", "1"), + resource.TestCheckResourceAttr("aws_alb.alb_test", "tags.%", "1"), + resource.TestCheckResourceAttr("aws_alb.alb_test", "tags.TestName", "TestAccAWSALB_basic"), + resource.TestCheckResourceAttr("aws_alb.alb_test", "enable_deletion_protection", "false"), + resource.TestCheckResourceAttr("aws_alb.alb_test", "idle_timeout", "30"), + resource.TestCheckResourceAttrSet("aws_alb.alb_test", "vpc_id"), + resource.TestCheckResourceAttrSet("aws_alb.alb_test", "zone_id"), + resource.TestCheckResourceAttrSet("aws_alb.alb_test", "dns_name"), + ), + }, + }, + }) +} + func TestAccAWSALB_accesslogs(t *testing.T) { var conf elbv2.LoadBalancer bucketName := fmt.Sprintf("testaccawsalbaccesslogs-%s", acctest.RandStringFromCharSet(6, acctest.CharSetAlphaNum)) @@ -334,3 +368,45 @@ resource "aws_security_group" "alb_test" { } }`, albName, bucketName) } + +func testAccAWSALBConfig_nosg(albName string) string { + return fmt.Sprintf(`resource "aws_alb" "alb_test" { + name = "%s" + internal = false + subnets = ["${aws_subnet.alb_test.*.id}"] + + idle_timeout = 30 + enable_deletion_protection = false + + tags { + TestName = "TestAccAWSALB_basic" + } +} + +variable "subnets" { + default = ["10.0.1.0/24", "10.0.2.0/24"] + type = "list" +} + +data "aws_availability_zones" "available" {} + +resource "aws_vpc" "alb_test" { + cidr_block = "10.0.0.0/16" + + tags { + TestName = "TestAccAWSALB_basic" + } +} + +resource "aws_subnet" "alb_test" { + count = 2 + vpc_id = "${aws_vpc.alb_test.id}" + cidr_block = "${element(var.subnets, count.index)}" + map_public_ip_on_launch = true + availability_zone = "${element(data.aws_availability_zones.available.names, count.index)}" + + tags { + TestName = "TestAccAWSALB_basic" + } +}`, albName) +}