aws_security_group: revoke_rules_on_delete conflict with 'terraform plan' #2329
Version 1.2.0 (released October 31, 2017)
In this version, a new feature was added:
- resource/aws_security_group: Add revoke_rules_on_delete option to force a security
Problem:
- When you import a security group into Terraform, the parameter 'revoke_rules_on_delete' is not imported into terraform.tfstate. Let's assume one imported, say:
$ terraform import aws_security_group.sg-1 sg-234xxxx12
- If, after importing, one runs 'terraform plan', the following change is reported:
$ terraform plan
.....
.....
~ aws_security_group.sg-1
revoke_rules_on_delete: "" => "false"
There is no trace of revoke_rules_on_delete in terraform.tfstate.
I tried to specify the value explicitly in the main.tf file with both 'true' and 'false', and even an empty string (""). In all cases the plan is to introduce a change.
(brute force): to validate/test, I manually edited terraform.tfstate and added:
"revoke_rules_on_delete": "false",
then 'terraform plan' passed with 'No changes'
Workaround (until bug is fixed):
For now, I pinned the provider plugin to the previous version (with which the problem does not manifest) in main.tf:
provider "aws" {
  version = "~> 1.1.0"
  .....
  ......
}
So essentially, it looks like 'terraform import' should explicitly import the value of the parameter revoke_rules_on_delete as 'true' or 'false'.
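A read-only check for the condition described in this report, added here as an example (not code from the issue author or the provider project): it lists aws_security_group entries whose state has no revoke_rules_on_delete attribute. It assumes the version-3 terraform.tfstate layout (modules, resources, primary.attributes); the function name and the sample state are constructed for illustration.

```python
import json

# Constructed sample in the version-3 state layout (an assumption about the
# reporter's Terraform); sg-1 mirrors the imported group from the report.
SAMPLE_STATE = json.dumps({
    "version": 3,
    "modules": [{
        "path": ["root"],
        "resources": {
            "aws_security_group.sg-1": {
                "type": "aws_security_group",
                "primary": {"id": "sg-234xxxx12",
                            "attributes": {"id": "sg-234xxxx12", "name": "imported"}},
            },
            "aws_security_group.sg-2": {
                "type": "aws_security_group",
                "primary": {"id": "sg-constructed2",
                            "attributes": {"id": "sg-constructed2",
                                           "revoke_rules_on_delete": "false"}},
            },
            "aws_instance.web": {
                "type": "aws_instance",
                "primary": {"id": "i-constructed", "attributes": {}},
            },
        },
    }],
})

ATTR = "revoke_rules_on_delete"


def missing_revoke_flag(state_text):
    """Return sorted (address, id) pairs for security groups lacking ATTR."""
    state = json.loads(state_text)
    hits = []
    for module in state.get("modules", []):
        # Path ["root", "net"] becomes the address prefix "module.net".
        prefix = ".".join("module." + p for p in module.get("path", [])[1:])
        for name, res in module.get("resources", {}).items():
            if res.get("type") != "aws_security_group":
                continue
            primary = res.get("primary") or {}
            if ATTR not in (primary.get("attributes") or {}):
                hits.append((f"{prefix}.{name}" if prefix else name, primary.get("id", "")))
    return sorted(hits)


if __name__ == "__main__":
    for address, sg_id in missing_revoke_flag(SAMPLE_STATE):
        print(f"{address} ({sg_id}): {ATTR} absent from state")
```

Running it against a copy of terraform.tfstate after an import shows which groups will produce the `"" => "false"` diff without modifying the state file.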