Added security group tagging

2014-10-14 17:07:01 -04:00 · 2014-10-14 17:07:01 -04:00 · eef3197ba0
parent c2a27fe507
commit eef3197ba0
3 changed files with 83 additions and 8 deletions
--- a/builtin/providers/aws/resource_aws_security_group.go
+++ b/builtin/providers/aws/resource_aws_security_group.go
@ -84,6 +84,8 @@ func resourceAwsSecurityGroup() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+
+			"tags": tagsSchema(),
 		},
 	}
 }
@ -226,6 +228,12 @@ func resourceAwsSecurityGroupUpdate(d *schema.ResourceData, meta interface{}) er
 		}
 	}

+	if err := setTags(ec2conn, d); err != nil {
+		return err
+	} else {
+		d.SetPartial("tags")
+	}
+
 	return nil
 }

@ -295,6 +303,7 @@ func resourceAwsSecurityGroupRead(d *schema.ResourceData, meta interface{}) erro
 	d.Set("vpc_id", sg.VpcId)
 	d.Set("owner_id", sg.OwnerId)
 	d.Set("ingress", ingressRules)
+	d.Set("tags", tagsToMap(sg.Tags))

 	return nil
 }
--- a/builtin/providers/aws/resource_aws_security_group_test.go
+++ b/builtin/providers/aws/resource_aws_security_group_test.go
@ -276,6 +276,34 @@ func testAccCheckAWSSecurityGroupAttributes(group *ec2.SecurityGroupInfo) resour
 	}
 }

+func TestAccAWSSecurityGroup_tags(t *testing.T) {
+	var group ec2.SecurityGroupInfo
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSSecurityGroupDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSSecurityGroupConfigTags,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group),
+					testAccCheckTags(&group.Tags, "foo", "bar"),
+				),
+			},
+
+			resource.TestStep{
+				Config: testAccAWSSecurityGroupConfigTagsUpdate,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group),
+					testAccCheckTags(&group.Tags, "foo", ""),
+					testAccCheckTags(&group.Tags, "bar", "baz"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckAWSSecurityGroupAttributesChanged(group *ec2.SecurityGroupInfo) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		p := []ec2.IPPerm{
@ -432,3 +460,19 @@ resource "aws_security_group" "web" {
    }
 }
 `
+
+const testAccAWSSecurityGroupConfigTags = `
+resource "aws_security_group" "foo" {
+	tags {
+		foo = "bar"
+	}
+}
+`
+
+const testAccAWSSecurityGroupConfigTagsUpdate = `
+resource "aws_security_group" "foo" {
+	tags {
+		bar = "baz"
+	}
+}
+`
--- a/website/source/docs/providers/aws/r/security_group.html.markdown
+++ b/website/source/docs/providers/aws/r/security_group.html.markdown
@ -10,17 +10,39 @@ Provides an security group resource.

 ## Example Usage

+Basic usage
+
 ```
 resource "aws_security_group" "allow_all" {
-    name = "allow_all"
+  name = "allow_all"
 	description = "Allow all inbound traffic"

-    ingress {
-        from_port = 0
-        to_port = 65535
-        protocol = "tcp"
-        cidr_blocks = ["0.0.0.0/0"]
-    }
+  ingress {
+      from_port = 0
+      to_port = 65535
+      protocol = "tcp"
+      cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+```
+
+Basic usage with tags:
+
+```
+resource "aws_security_group" "allow_all" {
+  name = "allow_all"
+  description = "Allow all inbound traffic"
+
+  ingress {
+      from_port = 0
+      to_port = 65535
+      protocol = "tcp"
+      cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags {
+    Name = "allow_all"
+  }
 }
 ```

@ -44,6 +66,7 @@ The `ingress` block supports:
 * `self` - (Optional) If true, the security group itself will be added as
     a source to this ingress rule.
 * `to_port` - (Required) The end range port.
+* `tags` - (Optional) A mapping of tags to assign to the resource.

 ## Attributes Reference

@ -55,4 +78,3 @@ The following attributes are exported:
 * `name` - The name of the security group
 * `description` - The description of the security group
 * `ingress` - The ingress rules. See above for more.
-