fix: aws_security_group_rule is updated (#593)

[#183535195](https://www.pivotaltracker.com/story/show/183535195)
cloudfoundry · Nov 1, 2022 · cd1a5b4 · cd1a5b4
1 parent d656e45
commit cd1a5b4
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 15 deletions.
diff --git a/terraform-tests/aurora_mysql_test.go b/terraform-tests/aurora_mysql_test.go
@@ -129,6 +129,7 @@ var _ = Describe("Aurora mysql", Label("aurora-mysql-terraform"), Ordered, func(
 					"vpc_security_group_ids": ConsistOf("group1", "group2", "group3"),
 				}))
 			Expect(ResourceCreationForType(plan, "aws_security_group")).To(BeEmpty())
+			Expect(ResourceCreationForType(plan, "aws_security_group_rule")).To(BeEmpty())
 		})
 	})
 

diff --git a/terraform-tests/aurora_postgresql_test.go b/terraform-tests/aurora_postgresql_test.go
@@ -123,12 +123,13 @@ var _ = Describe("Aurora postgresql", Label("aurora-postgresql-terraform"), Orde
 			}))
 		})
 
-		It("should use the ids passed and not create new security groups", func() {
+		It("should use the ids passed and not create new security groups or rules", func() {
 			Expect(AfterValuesForType(plan, "aws_rds_cluster")).To(
 				MatchKeys(IgnoreExtras, Keys{
 					"vpc_security_group_ids": ConsistOf("group1", "group2", "group3"),
 				}))
 			Expect(ResourceCreationForType(plan, "aws_security_group")).To(BeEmpty())
+			Expect(ResourceCreationForType(plan, "aws_security_group_rule")).To(BeEmpty())
 		})
 	})
 

diff --git a/terraform/aurora-mysql/provision/main.tf b/terraform/aurora-mysql/provision/main.tf
@@ -1,19 +1,20 @@
-resource "aws_security_group" "rds_sg" {
-  count  = length(var.rds_vpc_security_group_ids) == 0 ? 1 : 0
-  name   = format("%s-sg", var.instance_name)
-  vpc_id = data.aws_vpc.vpc.id
-}
-
 resource "aws_db_subnet_group" "rds_private_subnet" {
   count      = length(var.rds_subnet_group) == 0 ? 1 : 0
   name       = format("%s-p-sn", var.instance_name)
   subnet_ids = data.aws_subnets.all.ids
 }
 
+resource "aws_security_group" "rds_sg" {
+  count  = length(var.rds_vpc_security_group_ids) == 0 ? 1 : 0
+  name   = format("%s-sg", var.instance_name)
+  vpc_id = data.aws_vpc.vpc.id
+}
+
 resource "aws_security_group_rule" "rds_inbound_access" {
-  from_port         = local.port
+  count             = length(var.rds_vpc_security_group_ids) == 0 ? 1 : 0
   protocol          = "tcp"
   security_group_id = aws_security_group.rds_sg[0].id
+  from_port         = local.port
   to_port           = local.port
   type              = "ingress"
   cidr_blocks       = ["0.0.0.0/0"]

diff --git a/terraform/aurora-postgresql/provision/main.tf b/terraform/aurora-postgresql/provision/main.tf
@@ -1,19 +1,20 @@
-resource "aws_security_group" "rds_sg" {
-  count  = length(var.rds_vpc_security_group_ids) == 0 ? 1 : 0
-  name   = format("%s-sg", var.instance_name)
-  vpc_id = data.aws_vpc.vpc.id
-}
-
 resource "aws_db_subnet_group" "rds_private_subnet" {
   count      = length(var.rds_subnet_group) == 0 ? 1 : 0
   name       = format("%s-p-sn", var.instance_name)
   subnet_ids = data.aws_subnets.all.ids
 }
 
+resource "aws_security_group" "rds_sg" {
+  count  = length(var.rds_vpc_security_group_ids) == 0 ? 1 : 0
+  name   = format("%s-sg", var.instance_name)
+  vpc_id = data.aws_vpc.vpc.id
+}
+
 resource "aws_security_group_rule" "rds_inbound_access" {
-  from_port         = local.port
+  count             = length(var.rds_vpc_security_group_ids) == 0 ? 1 : 0
   protocol          = "tcp"
   security_group_id = aws_security_group.rds_sg[0].id
+  from_port         = local.port
   to_port           = local.port
   type              = "ingress"
   cidr_blocks       = ["0.0.0.0/0"]