-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
resource/aws_security_group_rule: Properly handle updating description when protocol is -1/ALL #6407
Conversation
…n when protocol is -1/ALL Previously: ``` --- FAIL: TestAccAWSSecurityGroupRule_Description_AllPorts (21.74s) testing.go:538: Step 2 error: Error applying: 1 error occurred: * aws_security_group_rule.test: 1 error occurred: * aws_security_group_rule.test: Error updating security group sg-0b6f5a54297754be3 rule description: InvalidParameterValue: When protocol is ALL, you cannot specify from-port. ``` Output from acceptance testing: ``` --- PASS: TestAccAWSSecurityGroupRule_Description_AllPorts (36.84s) --- PASS: TestAccAWSSecurityGroupRule_Egress (21.08s) --- PASS: TestAccAWSSecurityGroupRule_EgressDescription (21.13s) --- PASS: TestAccAWSSecurityGroupRule_EgressDescription_updates (33.23s) --- PASS: TestAccAWSSecurityGroupRule_ExpectInvalidCIDR (1.77s) --- PASS: TestAccAWSSecurityGroupRule_ExpectInvalidTypeError (1.72s) --- PASS: TestAccAWSSecurityGroupRule_Ingress_Classic (20.29s) --- PASS: TestAccAWSSecurityGroupRule_Ingress_Ipv6 (42.93s) --- PASS: TestAccAWSSecurityGroupRule_Ingress_Protocol (41.24s) --- PASS: TestAccAWSSecurityGroupRule_Ingress_VPC (20.04s) --- PASS: TestAccAWSSecurityGroupRule_IngressDescription (20.98s) --- PASS: TestAccAWSSecurityGroupRule_IngressDescription_updates (35.99s) --- PASS: TestAccAWSSecurityGroupRule_Issue5310 (20.12s) --- PASS: TestAccAWSSecurityGroupRule_MultiDescription (82.07s) --- PASS: TestAccAWSSecurityGroupRule_MultiIngress (22.57s) --- PASS: TestAccAWSSecurityGroupRule_PartialMatching_basic (47.79s) --- PASS: TestAccAWSSecurityGroupRule_PartialMatching_Source (44.23s) --- PASS: TestAccAWSSecurityGroupRule_PrefixListEgress (51.97s) --- PASS: TestAccAWSSecurityGroupRule_Race (274.72s) --- PASS: TestAccAWSSecurityGroupRule_SelfReference (40.94s) --- PASS: TestAccAWSSecurityGroupRule_SelfSource (41.11s) ```
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
one minor 🤔 but this otherwise LGTM 👍
Check: resource.ComposeTestCheckFunc( | ||
testAccCheckAWSSecurityGroupRuleExists(securityGroupResourceName, &group), | ||
testAccCheckAWSSecurityGroupRuleAttributes(resourceName, &group, &rule2, "ingress"), | ||
resource.TestCheckResourceAttr(resourceName, "description", "description2"), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do we also want to ensure the from_port
/ to_port
values are set to empty values in the state on the way back?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added these:
resource.TestCheckResourceAttr(resourceName, "from_port", "0"),
resource.TestCheckResourceAttr(resourceName, "protocol", "-1"),
resource.TestCheckResourceAttr(resourceName, "to_port", "0"),
Still passes. 😄
--- PASS: TestAccAWSSecurityGroupRule_Description_AllPorts (25.78s)
…t attribute checks in TestAccAWSSecurityGroupRule_Description_AllPorts ``` --- PASS: TestAccAWSSecurityGroupRule_Description_AllPorts (25.78s) ```
This has been released in version 1.43.1 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. |
This change keeps flagging my security groups as needing to be recreated:
At every apply. |
Thanks for the heads up, @analytically. I have submitted #6423 to fix that regression, which was not previously covered by an acceptance test. |
Awesome, thanks!! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Fixes #1920
Previously:
Output from acceptance testing: