provider/aws: Set aws_alb security_groups computed

This commit fixes #8264 by making the security_groups attribute on aws_alb resources computed, allowing the default security group assigned by AWS to not generate perpetual plans forcing new resources.
hashicorp · Aug 18, 2016 · 14ed57a · 14ed57a
1 parent dd2740d
commit 14ed57a
Show file tree

Hide file tree

Showing 2 changed files with 77 additions and 0 deletions.
diff --git a/builtin/providers/aws/resource_aws_alb.go b/builtin/providers/aws/resource_aws_alb.go
@@ -39,6 +39,7 @@ func resourceAwsAlb() *schema.Resource {
 			"security_groups": {
 				Type:     schema.TypeSet,
 				Elem:     &schema.Schema{Type: schema.TypeString},
+				Computed: true,
 				ForceNew: true,
 				Optional: true,
 				Set:      schema.HashString,

diff --git a/builtin/providers/aws/resource_aws_alb_test.go b/builtin/providers/aws/resource_aws_alb_test.go
@@ -44,6 +44,40 @@ func TestAccAWSALB_basic(t *testing.T) {
 	})
 }
 
+// TestAccAWSALB_noSecurityGroup regression tests the issue in #8264,
+// where if an ALB is created without a security group, a default one
+// is assigned.
+func TestAccAWSALB_noSecurityGroup(t *testing.T) {
+	var conf elbv2.LoadBalancer
+	albName := fmt.Sprintf("testaccawsalb-nosg-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:      func() { testAccPreCheck(t) },
+		IDRefreshName: "aws_alb.alb_test",
+		Providers:     testAccProviders,
+		CheckDestroy:  testAccCheckAWSALBDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSALBConfig_nosg(albName),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckAWSALBExists("aws_alb.alb_test", &conf),
+					resource.TestCheckResourceAttr("aws_alb.alb_test", "name", albName),
+					resource.TestCheckResourceAttr("aws_alb.alb_test", "internal", "false"),
+					resource.TestCheckResourceAttr("aws_alb.alb_test", "subnets.#", "2"),
+					resource.TestCheckResourceAttr("aws_alb.alb_test", "security_groups.#", "1"),
+					resource.TestCheckResourceAttr("aws_alb.alb_test", "tags.%", "1"),
+					resource.TestCheckResourceAttr("aws_alb.alb_test", "tags.TestName", "TestAccAWSALB_basic"),
+					resource.TestCheckResourceAttr("aws_alb.alb_test", "enable_deletion_protection", "false"),
+					resource.TestCheckResourceAttr("aws_alb.alb_test", "idle_timeout", "30"),
+					resource.TestCheckResourceAttrSet("aws_alb.alb_test", "vpc_id"),
+					resource.TestCheckResourceAttrSet("aws_alb.alb_test", "zone_id"),
+					resource.TestCheckResourceAttrSet("aws_alb.alb_test", "dns_name"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccAWSALB_accesslogs(t *testing.T) {
 	var conf elbv2.LoadBalancer
 	bucketName := fmt.Sprintf("testaccawsalbaccesslogs-%s", acctest.RandStringFromCharSet(6, acctest.CharSetAlphaNum))
@@ -334,3 +368,45 @@ resource "aws_security_group" "alb_test" {
   }
 }`, albName, bucketName)
 }
+
+func testAccAWSALBConfig_nosg(albName string) string {
+	return fmt.Sprintf(`resource "aws_alb" "alb_test" {
+  name            = "%s"
+  internal        = false
+  subnets         = ["${aws_subnet.alb_test.*.id}"]
+
+  idle_timeout = 30
+  enable_deletion_protection = false
+
+  tags {
+    TestName = "TestAccAWSALB_basic"
+  }
+}
+
+variable "subnets" {
+  default = ["10.0.1.0/24", "10.0.2.0/24"]
+  type    = "list"
+}
+
+data "aws_availability_zones" "available" {}
+
+resource "aws_vpc" "alb_test" {
+  cidr_block = "10.0.0.0/16"
+
+  tags {
+    TestName = "TestAccAWSALB_basic"
+  }
+}
+
+resource "aws_subnet" "alb_test" {
+  count                   = 2
+  vpc_id                  = "${aws_vpc.alb_test.id}"
+  cidr_block              = "${element(var.subnets, count.index)}"
+  map_public_ip_on_launch = true
+  availability_zone       = "${element(data.aws_availability_zones.available.names, count.index)}"
+
+  tags {
+    TestName = "TestAccAWSALB_basic"
+  }
+}`, albName)
+}