From eef3197ba099975ff2ce26bcfe713d84875d6f4b Mon Sep 17 00:00:00 2001
From: Long Nguyen <long.nguyen11288@gmail.com>
Date: Tue, 14 Oct 2014 17:07:01 -0400
Subject: [PATCH] Added security group tagging

---
 .../aws/resource_aws_security_group.go        |  9 ++++
 .../aws/resource_aws_security_group_test.go   | 44 +++++++++++++++++++
 .../aws/r/security_group.html.markdown        | 38 ++++++++++++----
 3 files changed, 83 insertions(+), 8 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_security_group.go b/builtin/providers/aws/resource_aws_security_group.go
index 88627a0b8..c277c501a 100644
--- a/builtin/providers/aws/resource_aws_security_group.go
+++ b/builtin/providers/aws/resource_aws_security_group.go
@@ -84,6 +84,8 @@ func resourceAwsSecurityGroup() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+
+			"tags": tagsSchema(),
 		},
 	}
 }
@@ -226,6 +228,12 @@ func resourceAwsSecurityGroupUpdate(d *schema.ResourceData, meta interface{}) er
 		}
 	}
 
+	if err := setTags(ec2conn, d); err != nil {
+		return err
+	} else {
+		d.SetPartial("tags")
+	}
+
 	return nil
 }
 
@@ -295,6 +303,7 @@ func resourceAwsSecurityGroupRead(d *schema.ResourceData, meta interface{}) erro
 	d.Set("vpc_id", sg.VpcId)
 	d.Set("owner_id", sg.OwnerId)
 	d.Set("ingress", ingressRules)
+	d.Set("tags", tagsToMap(sg.Tags))
 
 	return nil
 }
diff --git a/builtin/providers/aws/resource_aws_security_group_test.go b/builtin/providers/aws/resource_aws_security_group_test.go
index 0774b71dd..5ff4d4c49 100644
--- a/builtin/providers/aws/resource_aws_security_group_test.go
+++ b/builtin/providers/aws/resource_aws_security_group_test.go
@@ -276,6 +276,34 @@ func testAccCheckAWSSecurityGroupAttributes(group *ec2.SecurityGroupInfo) resour
 	}
 }
 
+func TestAccAWSSecurityGroup_tags(t *testing.T) {
+	var group ec2.SecurityGroupInfo
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSSecurityGroupDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSSecurityGroupConfigTags,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group),
+					testAccCheckTags(&group.Tags, "foo", "bar"),
+				),
+			},
+
+			resource.TestStep{
+				Config: testAccAWSSecurityGroupConfigTagsUpdate,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group),
+					testAccCheckTags(&group.Tags, "foo", ""),
+					testAccCheckTags(&group.Tags, "bar", "baz"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckAWSSecurityGroupAttributesChanged(group *ec2.SecurityGroupInfo) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		p := []ec2.IPPerm{
@@ -432,3 +460,19 @@ resource "aws_security_group" "web" {
     }
 }
 `
+
+const testAccAWSSecurityGroupConfigTags = `
+resource "aws_security_group" "foo" {
+	tags {
+		foo = "bar"
+	}
+}
+`
+
+const testAccAWSSecurityGroupConfigTagsUpdate = `
+resource "aws_security_group" "foo" {
+	tags {
+		bar = "baz"
+	}
+}
+`
diff --git a/website/source/docs/providers/aws/r/security_group.html.markdown b/website/source/docs/providers/aws/r/security_group.html.markdown
index 89323a996..4d8efed6a 100644
--- a/website/source/docs/providers/aws/r/security_group.html.markdown
+++ b/website/source/docs/providers/aws/r/security_group.html.markdown
@@ -10,17 +10,39 @@ Provides an security group resource.
 
 ## Example Usage
 
+Basic usage
+
 ```
 resource "aws_security_group" "allow_all" {
-    name = "allow_all"
+  name = "allow_all"
 	description = "Allow all inbound traffic"
 
-    ingress {
-        from_port = 0
-        to_port = 65535
-        protocol = "tcp"
-        cidr_blocks = ["0.0.0.0/0"]
-    }
+  ingress {
+      from_port = 0
+      to_port = 65535
+      protocol = "tcp"
+      cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+```
+
+Basic usage with tags:
+
+```
+resource "aws_security_group" "allow_all" {
+  name = "allow_all"
+  description = "Allow all inbound traffic"
+
+  ingress {
+      from_port = 0
+      to_port = 65535
+      protocol = "tcp"
+      cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags {
+    Name = "allow_all"
+  }
 }
 ```
 
@@ -44,6 +66,7 @@ The `ingress` block supports:
 * `self` - (Optional) If true, the security group itself will be added as
      a source to this ingress rule.
 * `to_port` - (Required) The end range port.
+* `tags` - (Optional) A mapping of tags to assign to the resource.
 
 ## Attributes Reference
 
@@ -55,4 +78,3 @@ The following attributes are exported:
 * `name` - The name of the security group
 * `description` - The description of the security group
 * `ingress` - The ingress rules. See above for more.
-