Merge pull request #1662 from jgjay/elb-sgs-update

provider/aws: update elb security groups in-place
2015-04-28 20:30:00 -07:00 · 2015-04-28 20:30:00 -07:00 · 77f6945ae7
parent 07b02906dc c986c65238
commit 77f6945ae7
2 changed files with 70 additions and 2 deletions
--- a/builtin/providers/aws/resource_aws_elb.go
+++ b/builtin/providers/aws/resource_aws_elb.go
@ -58,12 +58,10 @@ func resourceAwsElb() *schema.Resource {
 				},
 			},

-			// TODO: could be not ForceNew
 			"security_groups": &schema.Schema{
 				Type:     schema.TypeSet,
 				Elem:     &schema.Schema{Type: schema.TypeString},
 				Optional: true,
-				ForceNew: true,
 				Computed: true,
 				Set: func(v interface{}) int {
 					return hashcode.String(v.(string))
@ -436,6 +434,22 @@ func resourceAwsElbUpdate(d *schema.ResourceData, meta interface{}) error {
 		}
 	}

+	if d.HasChange("security_groups") {
+		groups := d.Get("security_groups").(*schema.Set).List()
+
+		applySecurityGroupsOpts := elb.ApplySecurityGroupsToLoadBalancerInput{
+			LoadBalancerName: aws.String(d.Id()),
+			SecurityGroups:   expandStringList(groups),
+		}
+
+		_, err := elbconn.ApplySecurityGroupsToLoadBalancer(&applySecurityGroupsOpts)
+		if err != nil {
+			return fmt.Errorf("Failure applying security groups: %s", err)
+		}
+
+		d.SetPartial("security_groups")
+	}
+
 	if err := setTagsELB(elbconn, d); err != nil {
 		return err
 	}
--- a/builtin/providers/aws/resource_aws_elb_test.go
+++ b/builtin/providers/aws/resource_aws_elb_test.go
@ -335,6 +335,32 @@ func TestAccAWSELBUpdate_ConnectionDraining(t *testing.T) {
 	})
 }

+func TestAccAWSELB_SecurityGroups(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSELBDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSELBConfig,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"aws_elb.bar", "security_groups.#", "0",
+					),
+				),
+			},
+			resource.TestStep{
+				Config: testAccAWSELBConfigSecurityGroups,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"aws_elb.bar", "security_groups.#", "1",
+					),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckAWSELBDestroy(s *terraform.State) error {
 	conn := testAccProvider.Meta().(*AWSClient).elbconn

@ -694,3 +720,31 @@ resource "aws_elb" "bar" {
 	connection_draining = false
 }
 `
+
+const testAccAWSELBConfigSecurityGroups = `
+resource "aws_elb" "bar" {
+  name = "foobar-terraform-test"
+  availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]
+
+  listener {
+    instance_port = 8000
+    instance_protocol = "http"
+    lb_port = 80
+    lb_protocol = "http"
+  }
+
+  security_groups = ["${aws_security_group.bar.id}"]
+}
+
+resource "aws_security_group" "bar" {
+  name = "terraform-elb-acceptance-test"
+  description = "Used in the terraform acceptance tests for the elb resource"
+
+  ingress {
+    protocol = "tcp"
+    from_port = 80
+    to_port = 80
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+`