Merge pull request #31396 from hashicorp/remove-aws_ec2_client_vpn_ne…

…twork_association.security_groups r/aws_ec2_client_vpn_network_association: Remove `security_groups`
hashicorp · May 12, 2023 · 69d74de · 69d74de
2 parents 12e7828 + fa33ab6
commit 69d74de
Show file tree

Hide file tree

Showing 7 changed files with 19 additions and 268 deletions.
diff --git a/.changelog/31396.txt b/.changelog/31396.txt
@@ -0,0 +1,3 @@
+```release-note:breaking-change
+resource/aws_ec2_client_vpn_network_association: The `security_groups` attribute has been removed
+```
diff --git a/internal/service/ec2/vpnclient_endpoint_test.go b/internal/service/ec2/vpnclient_endpoint_test.go
@@ -61,11 +61,9 @@ func TestAccClientVPNEndpoint_serial(t *testing.T) {
 			"disappearsEndpoint": testAccClientVPNAuthorizationRule_Disappears_endpoint,
 		},
 		"NetworkAssociation": {
-			"basic":                    testAccClientVPNNetworkAssociation_basic,
-			"multipleSubnets":          testAccClientVPNNetworkAssociation_multipleSubnets,
-			"disappears":               testAccClientVPNNetworkAssociation_disappears,
-			"securityGroups":           testAccClientVPNNetworkAssociation_securityGroups,
-			"securityGroupsOnEndpoint": testAccClientVPNNetworkAssociation_securityGroupsOnEndpoint,
+			"basic":           testAccClientVPNNetworkAssociation_basic,
+			"multipleSubnets": testAccClientVPNNetworkAssociation_multipleSubnets,
+			"disappears":      testAccClientVPNNetworkAssociation_disappears,
 		},
 		"Route": {
 			"basic":       testAccClientVPNRoute_basic,

diff --git a/internal/service/ec2/vpnclient_network_association.go b/internal/service/ec2/vpnclient_network_association.go
@@ -13,7 +13,6 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
 	"github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
-	"github.com/hashicorp/terraform-provider-aws/internal/flex"
 	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 )
 
@@ -22,7 +21,6 @@ func ResourceClientVPNNetworkAssociation() *schema.Resource {
 	return &schema.Resource{
 		CreateWithoutTimeout: resourceClientVPNNetworkAssociationCreate,
 		ReadWithoutTimeout:   resourceClientVPNNetworkAssociationRead,
-		UpdateWithoutTimeout: resourceClientVPNNetworkAssociationUpdate,
 		DeleteWithoutTimeout: resourceClientVPNNetworkAssociationDelete,
 
 		Importer: &schema.ResourceImporter{
@@ -44,16 +42,6 @@ func ResourceClientVPNNetworkAssociation() *schema.Resource {
 				Required: true,
 				ForceNew: true,
 			},
-			"security_groups": {
-				Type:       schema.TypeSet,
-				MinItems:   1,
-				MaxItems:   5,
-				Optional:   true,
-				Computed:   true,
-				Elem:       &schema.Schema{Type: schema.TypeString},
-				Set:        schema.HashString,
-				Deprecated: "Use the `security_group_ids` attribute of the `aws_ec2_client_vpn_endpoint` resource instead.",
-			},
 			"subnet_id": {
 				Type:     schema.TypeString,
 				Required: true,
@@ -87,26 +75,10 @@ func resourceClientVPNNetworkAssociationCreate(ctx context.Context, d *schema.Re
 
 	d.SetId(aws.StringValue(output.AssociationId))
 
-	targetNetwork, err := WaitClientVPNNetworkAssociationCreated(ctx, conn, d.Id(), endpointID, d.Timeout(schema.TimeoutCreate))
-
-	if err != nil {
+	if _, err := WaitClientVPNNetworkAssociationCreated(ctx, conn, d.Id(), endpointID, d.Timeout(schema.TimeoutCreate)); err != nil {
 		return sdkdiag.AppendErrorf(diags, "waiting for EC2 Client VPN Network Association (%s) create: %s", d.Id(), err)
 	}
 
-	if v, ok := d.GetOk("security_groups"); ok {
-		input := &ec2.ApplySecurityGroupsToClientVpnTargetNetworkInput{
-			ClientVpnEndpointId: aws.String(endpointID),
-			SecurityGroupIds:    flex.ExpandStringSet(v.(*schema.Set)),
-			VpcId:               targetNetwork.VpcId,
-		}
-
-		_, err := conn.ApplySecurityGroupsToClientVpnTargetNetworkWithContext(ctx, input)
-
-		if err != nil {
-			return sdkdiag.AppendErrorf(diags, "applying Security Groups to EC2 Client VPN Network Association (%s): %s", d.Id(), err)
-		}
-	}
-
 	return append(diags, resourceClientVPNNetworkAssociationRead(ctx, d, meta)...)
 }
 
@@ -129,32 +101,12 @@ func resourceClientVPNNetworkAssociationRead(ctx context.Context, d *schema.Reso
 
 	d.Set("association_id", network.AssociationId)
 	d.Set("client_vpn_endpoint_id", network.ClientVpnEndpointId)
-	d.Set("security_groups", aws.StringValueSlice(network.SecurityGroups))
 	d.Set("subnet_id", network.TargetNetworkId)
 	d.Set("vpc_id", network.VpcId)
 
 	return diags
 }
 
-func resourceClientVPNNetworkAssociationUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
-	var diags diag.Diagnostics
-	conn := meta.(*conns.AWSClient).EC2Conn()
-
-	if d.HasChange("security_groups") {
-		input := &ec2.ApplySecurityGroupsToClientVpnTargetNetworkInput{
-			ClientVpnEndpointId: aws.String(d.Get("client_vpn_endpoint_id").(string)),
-			SecurityGroupIds:    flex.ExpandStringSet(d.Get("security_groups").(*schema.Set)),
-			VpcId:               aws.String(d.Get("vpc_id").(string)),
-		}
-
-		if _, err := conn.ApplySecurityGroupsToClientVpnTargetNetworkWithContext(ctx, input); err != nil {
-			return sdkdiag.AppendErrorf(diags, "applying Security Groups to EC2 Client VPN Network Association (%s): %s", d.Id(), err)
-		}
-	}
-
-	return append(diags, resourceClientVPNNetworkAssociationRead(ctx, d, meta)...)
-}
-
 func resourceClientVPNNetworkAssociationDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	var diags diag.Diagnostics
 	conn := meta.(*conns.AWSClient).EC2Conn()