Importing an aws_security_group_rule with a source_security_group_id validation #11587
Labels: bug, service/ec2
Terraform Version
Terraform v0.12.10
Affected Resource(s)
Terraform Configuration Files
Expected Behavior
We'd expect some sort of validation error or at least a change to the security group rule.
Actual Behavior
terraform plan calculates a no-op
Steps to Reproduce
terraform import a security group that has a source_security_group_id ingress rule.
aws_security_group_rule resource to have cidr_blocks = [], omitting the source_security_group_id.
terraform plan will show a no-op change.
Important Factoids
When I attempted to import an aws_security_group and its associated rules I hit this. The terraform import will grab a security group rule that has a source_security_group_id and place it into the state file as expected. However, upon writing the resource definition for the security group rule I accidentally added a cidr_blocks = [] line to the resource and didn't notice the source_security_group_id that had been correctly imported into state. A terraform plan showed a no-op, so I moved on to other resources for this service being imported.
Upon code review we caught that this rule actually had a source security group and fixed it in the resource definition. We never attempted a terraform apply, so I'm not sure if it would throw any errors at that point.
This seems like something validation should pick up. If I've imported a resource with a source_security_group_id set in the state file I probably shouldn't be able to set cidr_blocks to anything.
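A pre-merge check for the mismatch described in this issue, as an added example that is not part of the original report or of the Terraform AWS provider: it reads the JSON form of a plan and reports aws_security_group_rule sources that are set in state but not declared in configuration, which a no-op plan would otherwise hide. The plan layout (prior_state and configuration sections, as written by terraform show -json), the resource names and the sample values are assumptions constructed for illustration.

```python
import json

# Constructed sample, trimmed to the fields used below. Assumed to follow the
# layout of `terraform show -json <planfile>` (prior_state + configuration).
SAMPLE_PLAN = json.loads("""
{
  "prior_state": {"values": {"root_module": {"resources": [
    {"address": "aws_security_group_rule.from_app",
     "type": "aws_security_group_rule",
     "values": {"type": "ingress", "cidr_blocks": null,
                "source_security_group_id": "sg-0123456789abcdef0"}},
    {"address": "aws_security_group_rule.from_office",
     "type": "aws_security_group_rule",
     "values": {"type": "ingress", "cidr_blocks": ["203.0.113.0/24"],
                "source_security_group_id": null}}
  ]}}},
  "configuration": {"root_module": {"resources": [
    {"address": "aws_security_group_rule.from_app",
     "type": "aws_security_group_rule",
     "expressions": {"cidr_blocks": {"constant_value": []}}},
    {"address": "aws_security_group_rule.from_office",
     "type": "aws_security_group_rule",
     "expressions": {"cidr_blocks": {"constant_value": ["203.0.113.0/24"]}}}
  ]}}
}
""")

RULE_TYPE = "aws_security_group_rule"
# Arguments of aws_security_group_rule that define where traffic may come from.
SOURCE_ATTRS = ("source_security_group_id", "cidr_blocks",
                "ipv6_cidr_blocks", "prefix_list_ids")

def undeclared_sources(plan):
    """Return (address, attribute, state_value) for every rule source that is
    set in state but missing from the resource's configuration.
    Limitation: root module only, resources without count/for_each."""
    declared = {r["address"]: r.get("expressions", {})
                for r in plan["configuration"]["root_module"].get("resources", [])
                if r["type"] == RULE_TYPE}
    findings = []
    for res in plan["prior_state"]["values"]["root_module"].get("resources", []):
        if res["type"] != RULE_TYPE or res["address"] not in declared:
            continue
        for attr in SOURCE_ATTRS:
            value = res["values"].get(attr)
            if value and attr not in declared[res["address"]]:
                findings.append((res["address"], attr, value))
    return findings

if __name__ == "__main__":
    for address, attr, value in undeclared_sources(SAMPLE_PLAN):
        print(f"{address}: state has {attr}={value!r} but config omits it")
```
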