fix: Security group for secondary interface

examples/complete/outputs.tf

@@ -7,3 +7,13 @@ output "slz_vsi" {
   value       = module.slz_vsi
   description = "VSI module values"
 }
+
+output "secondary_subnets" {
+  description = "Secondary subnets created"
+  value       = local.secondary_subnet_zone_list
+}
+
+output "secondary_security_groups" {
+  description = "Secondary security groups created"
+  value       = local.secondary_security_groups
+}

main.tf

@@ -135,7 +135,15 @@ resource "ibm_is_instance" "vsi" {
     }
     content {
       subnet = network_interfaces.value.id
-      security_groups = flatten([
+      # If security_groups is empty(list is len(0)) then default list to default_security_group_id.
+      # If list is empty it will fail on reapply as when vsi is passed an empty security group list it will attach the default security group.
+      security_groups = length(flatten([
+        (var.create_security_group && var.secondary_use_vsi_security_group ? [ibm_is_security_group.security_group[var.security_group.name].id] : []),
+        [
+          for group in var.secondary_security_groups :
+          group.security_group_id if group.interface_name == network_interfaces.value.name
+        ]
+        ])) == 0 ? [local.default_security_group_id] : flatten([
         (var.create_security_group && var.secondary_use_vsi_security_group ? [ibm_is_security_group.security_group[var.security_group.name].id] : []),
         [
           for group in var.secondary_security_groups :

module-metadata.json

@@ -468,7 +468,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 174
+        "line": 182
       }
     },
     "ibm_is_floating_ip.vsi_fip": {
@@ -485,7 +485,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 166
+        "line": 174
       }
     },
     "ibm_is_instance.vsi": {