diff --git a/builtin/providers/aws/resource_aws_elb.go b/builtin/providers/aws/resource_aws_elb.go
index 8f4c613cd..419dc74f6 100644
--- a/builtin/providers/aws/resource_aws_elb.go
+++ b/builtin/providers/aws/resource_aws_elb.go
@@ -58,12 +58,10 @@ func resourceAwsElb() *schema.Resource {
 },
 },
- // TODO: could be not ForceNew
 "security_groups": &schema.Schema{
 Type: schema.TypeSet,
 Elem: &schema.Schema{Type: schema.TypeString},
 Optional: true,
- ForceNew: true,
 Computed: true,
 Set: func(v interface{}) int {
 return hashcode.String(v.(string))
@@ -436,6 +434,22 @@ func resourceAwsElbUpdate(d *schema.ResourceData, meta interface{}) error {
 }
 }
+ if d.HasChange("security_groups") {
+ groups := d.Get("security_groups").(*schema.Set).List()
+
+ applySecurityGroupsOpts := elb.ApplySecurityGroupsToLoadBalancerInput{
+ LoadBalancerName: aws.String(d.Id()),
+ SecurityGroups: expandStringList(groups),
+ }
+
+ _, err := elbconn.ApplySecurityGroupsToLoadBalancer(&applySecurityGroupsOpts)
+ if err != nil {
+ return fmt.Errorf("Failure applying security groups: %s", err)
+ }
+
+ d.SetPartial("security_groups")
+ }
+
 if err := setTagsELB(elbconn, d); err != nil {
 return err
 }
diff --git a/builtin/providers/aws/resource_aws_elb_test.go b/builtin/providers/aws/resource_aws_elb_test.go
index 205882898..e27a4e9ac 100644
--- a/builtin/providers/aws/resource_aws_elb_test.go
+++ b/builtin/providers/aws/resource_aws_elb_test.go
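Review bot: The `security_groups` schema entry loses its only comment in the same change that alters how updates are applied, and the remaining `Optional` plus `Computed` pair is left unexplained. As far as I can tell from the schema, omitting the attribute from configuration produces no diff, so whatever groups AWS reports stay attached; an operator who deletes the line expecting access to be reset would see no change. I would replace the removed TODO with `// Updated in place; when omitted, the groups reported by AWS are kept (Computed).` The schema map continues outside the hunk.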
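Review bot: The new `security_groups` branch in resourceAwsElbUpdate passes whatever the set contains, including an empty list, straight to `ApplySecurityGroupsToLoadBalancer`, a call that replaces the whole association rather than adding to it. An explicitly empty list would presumably be rejected by the API, and the user would then see only the generic `Failure applying security groups` text without the load balancer name. A guard ahead of the call makes that case explicit: `if len(groups) == 0 { return fmt.Errorf("security_groups for ELB %s must not be empty", d.Id()) }`. A one-line comment stating that previously attached groups missing from the list are detached would also help readers. The function body starts and ends outside the hunk.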
@@ -335,6 +335,32 @@ func TestAccAWSELBUpdate_ConnectionDraining(t *testing.T) {
 })
 }
+func TestAccAWSELB_SecurityGroups(t *testing.T) {
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSELBDestroy,
+ Steps: []resource.TestStep{
+ resource.TestStep{
+ Config: testAccAWSELBConfig,
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr(
+ "aws_elb.bar", "security_groups.#", "0",
+ ),
+ ),
+ },
+ resource.TestStep{
+ Config: testAccAWSELBConfigSecurityGroups,
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr(
+ "aws_elb.bar", "security_groups.#", "1",
+ ),
+ ),
+ },
+ },
+ })
+}
+
 func testAccCheckAWSELBDestroy(s *terraform.State) error {
 conn := testAccProvider.Meta().(*AWSClient).elbconn
@@ -694,3 +720,31 @@ resource "aws_elb" "bar" {
 connection_draining = false
 }
 `
+
+const testAccAWSELBConfigSecurityGroups = `
+resource "aws_elb" "bar" {
+ name = "foobar-terraform-test"
+ availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]
+
+ listener {
+ instance_port = 8000
+ instance_protocol = "http"
+ lb_port = 80
+ lb_protocol = "http"
+ }
+
+ security_groups = ["${aws_security_group.bar.id}"]
+}
+
+resource "aws_security_group" "bar" {
+ name = "terraform-elb-acceptance-test"
+ description = "Used in the terraform acceptance tests for the elb resource"
+
+ ingress {
+ protocol = "tcp"
+ from_port = 80
+ to_port = 80
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+`
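Review bot: Both steps of TestAccAWSELB_SecurityGroups assert only `security_groups.#`, so the test never shows that `aws_security_group.bar` is the group actually attached to the load balancer. The first step's expected `"0"` also looks account-dependent: an ELB created in a default VPC is normally given that VPC's default group, in which case the computed attribute would already read 1 before the custom group is applied. I would add a check function that compares the group ID in the ELB description with the ID of `aws_security_group.bar`, and a comment on the first step such as `// no group configured; the count depends on whether the account has a default VPC`.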
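Review bot: The fixture's `aws_security_group.bar` allows port 80 from `0.0.0.0/0` under the fixed name `terraform-elb-acceptance-test`, while the test that uses it sets `CheckDestroy: testAccCheckAWSELBDestroy`, which judging by its visible first line works on the ELB connection only. A group left behind by an interrupted run would therefore go unnoticed, and would likely make the next run fail on the duplicate name. A comment in the config, `# world-open on purpose: test-only group in front of a public listener`, and a destroy check that also looks for the group would cover this.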