diff --git a/builtin/providers/openstack/resource_openstack_networking_secgroup_v2.go b/builtin/providers/openstack/resource_openstack_networking_secgroup_v2.go index 229f0adc7..5d7f65153 100644 --- a/builtin/providers/openstack/resource_openstack_networking_secgroup_v2.go +++ b/builtin/providers/openstack/resource_openstack_networking_secgroup_v2.go @@ -10,6 +10,7 @@ import ( "github.com/gophercloud/gophercloud" "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/security/groups" + "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/security/rules" ) func resourceNetworkingSecGroupV2() *schema.Resource { @@ -70,6 +71,14 @@ func resourceNetworkingSecGroupV2Create(d *schema.ResourceData, meta interface{} return err } + // Remove the default rules + for _, rule := range security_group.Rules { + if err := rules.Delete(networkingClient, rule.ID).ExtractErr(); err != nil { + return fmt.Errorf( + "There was a problem deleting a default security group rule: %s", err) + } + } + log.Printf("[DEBUG] OpenStack Neutron Security Group created: %#v", security_group) d.SetId(security_group.ID) diff --git a/builtin/providers/openstack/resource_openstack_networking_secgroup_v2_test.go b/builtin/providers/openstack/resource_openstack_networking_secgroup_v2_test.go index 12e6c18f8..a10b62ebe 100644 --- a/builtin/providers/openstack/resource_openstack_networking_secgroup_v2_test.go +++ b/builtin/providers/openstack/resource_openstack_networking_secgroup_v2_test.go @@ -23,6 +23,7 @@ func TestAccNetworkingV2SecGroup_basic(t *testing.T) { Check: resource.ComposeTestCheckFunc( testAccCheckNetworkingV2SecGroupExists( "openstack_networking_secgroup_v2.secgroup_1", &security_group), + testAccCheckNetworkingV2SecGroupRuleCount(&security_group, 0), ), }, resource.TestStep{ 
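Review bot: In the resourceNetworkingSecGroupV2Create hunk, the new deletion loop returns on error before `d.SetId(security_group.ID)` runs. A failed `rules.Delete` therefore leaves a group that already exists in Neutron, still carries whichever default rules were not yet removed, and is not recorded in state. Moving `d.SetId(security_group.ID)` above the `for _, rule := range security_group.Rules` loop would let Terraform track the partially configured group, so it can be retried or destroyed rather than orphaned with its defaults intact. The removal is also unconditional, so configurations that relied on the default rules (presumably the default egress rules) lose them silently; the `// Remove the default rules` comment should say that every group now starts with no rules. The function body starts and ends outside the hunk.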
@@ -89,6 +90,18 @@ func testAccCheckNetworkingV2SecGroupExists(n string, security_group *groups.Sec } } +func testAccCheckNetworkingV2SecGroupRuleCount( + sg *groups.SecGroup, count int) resource.TestCheckFunc { + return func(s *terraform.State) error { + if len(sg.Rules) == count { + return nil + } + + return fmt.Errorf("Unexpected number of rules in group %s. Expected %d, got %d", + sg.ID, count, len(sg.Rules)) + } +} + const testAccNetworkingV2SecGroup_basic = ` resource "openstack_networking_secgroup_v2" "secgroup_1" { name = "security_group"
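Review bot: testAccCheckNetworkingV2SecGroupRuleCount cannot tell an empty rule list from a `groups.SecGroup` that was never populated, and the only call added in this commit passes `count` 0, which a zero-value struct also satisfies. The check relies on testAccCheckNetworkingV2SecGroupExists having filled `sg` earlier in the same ComposeTestCheckFunc; that function's body is outside this hunk, so this is inferred. A guard at the top of the closure, such as `if sg.ID == "" { return fmt.Errorf("security group was not populated before the rule count check") }`, would stop the assertion from passing vacuously. A doc comment stating the ordering requirement would also help, e.g. `// testAccCheckNetworkingV2SecGroupRuleCount compares len(sg.Rules) with count; sg must already be populated by the Exists check.`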