r/aws_default_security_group: Tidy up 'TestAccVPCDefaultSecurityGroup…

…_Classic_empty'. Fixes #14631. Acceptance test output: % make testacc TESTARGS='-run=TestAccVPCDefaultSecurityGroup_Classic_empty' PKG=ec2 ACCTEST_PARALLELISM=3 ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./internal/service/ec2/... -v -count 1 -parallel 3 -run=TestAccVPCDefaultSecurityGroup_Classic_empty -timeout 180m === RUN TestAccVPCDefaultSecurityGroup_Classic_empty === PAUSE TestAccVPCDefaultSecurityGroup_Classic_empty === CONT TestAccVPCDefaultSecurityGroup_Classic_empty --- PASS: TestAccVPCDefaultSecurityGroup_Classic_empty (11.08s) PASS ok github.com/hashicorp/terraform-provider-aws/internal/service/ec2 15.310s
hashicorp · Jul 20, 2022 · b9add85 · b9add85
1 parent ce155d0
commit b9add85
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 14 deletions.
diff --git a/internal/service/ec2/vpc_default_security_group.go b/internal/service/ec2/vpc_default_security_group.go
@@ -194,7 +194,8 @@ func ResourceDefaultSecurityGroup() *schema.Resource {
 func resourceDefaultSecurityGroupCreate(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*conns.AWSClient).EC2Conn
 	defaultTagsConfig := meta.(*conns.AWSClient).DefaultTagsConfig
-	tags := defaultTagsConfig.MergeTags(tftags.New(d.Get("tags").(map[string]interface{})))
+	ignoreTagsConfig := meta.(*conns.AWSClient).IgnoreTagsConfig
+
 	securityGroupOpts := &ec2.DescribeSecurityGroupsInput{
 		Filters: []*ec2.Filter{
 			{
@@ -248,9 +249,12 @@ func resourceDefaultSecurityGroupCreate(d *schema.ResourceData, meta interface{}
 
 	log.Printf("[INFO] Default Security Group ID: %s", d.Id())
 
-	if len(tags) > 0 {
-		if err := CreateTags(conn, d.Id(), tags); err != nil {
-			return fmt.Errorf("error adding EC2 Default Security Group (%s) tags: %w", d.Id(), err)
+	oTagsAll := KeyValueTags(g.Tags).IgnoreAWS().IgnoreConfig(ignoreTagsConfig)
+	nTagsAll := defaultTagsConfig.MergeTags(tftags.New(d.Get("tags").(map[string]interface{})))
+
+	if !nTagsAll.Equal(oTagsAll) {
+		if err := UpdateTags(conn, d.Id(), oTagsAll.Map(), nTagsAll.Map()); err != nil {
+			return fmt.Errorf("updating Default Security Group (%s) tags: %w", d.Id(), err)
 		}
 	}
 

diff --git a/internal/service/ec2/vpc_default_security_group_test.go b/internal/service/ec2/vpc_default_security_group_test.go
@@ -148,11 +148,6 @@ func TestAccVPCDefaultSecurityGroup_Classic_basic(t *testing.T) {
 }
 
 func TestAccVPCDefaultSecurityGroup_Classic_empty(t *testing.T) {
-
-	acctest.Skip(t, "This resource does not currently clear tags when adopting the resource")
-	// Additional references:
-	//  * https://github.com/hashicorp/terraform-provider-aws/issues/14631
-
 	var group ec2.SecurityGroup
 	resourceName := "aws_default_security_group.test"
 
@@ -168,6 +163,7 @@ func TestAccVPCDefaultSecurityGroup_Classic_empty(t *testing.T) {
 					testAccCheckDefaultSecurityGroupClassicExists(resourceName, &group),
 					resource.TestCheckResourceAttr(resourceName, "ingress.#", "0"),
 					resource.TestCheckResourceAttr(resourceName, "egress.#", "0"),
+					resource.TestCheckResourceAttr(resourceName, "tags.%", "0"),
 				),
 			},
 		},
@@ -304,13 +300,10 @@ resource "aws_default_security_group" "test" {
 }
 
 func testAccVPCDefaultSecurityGroupConfig_classicEmpty() string {
-	return acctest.ConfigCompose(
-		acctest.ConfigEC2ClassicRegionProvider(),
-		`
+	return acctest.ConfigCompose(acctest.ConfigEC2ClassicRegionProvider(), `
 resource "aws_default_security_group" "test" {
   # No attributes set.
-}
-`)
+}`)
 }
 
 func TestDefaultSecurityGroupMigrateState(t *testing.T) {