hashicorp · YakDriver · Aug 31, 2022 · Aug 30, 2022 · Aug 30, 2022 · Aug 30, 2022
@@ -0,0 +1,15 @@
+```release-note:bug
+resource/aws_security_group: Fix complex dependency violations such as using a security group with an EMR cluster
+```
+
+```release-note:note
+resource/aws_security_group: With AWS's retirement of EC2-Classic, `aws_security_group` has been updated to remove support for EC2-Classic
+```
+
+```release-note:note
+resource/aws_default_security_group: With AWS's retirement of EC2-Classic, `aws_default_security_group` has been updated to remove support for EC2-Classic
+```
+
+```release-note:note
+resource/aws_security_group_rule: With AWS's retirement of EC2-Classic, `aws_security_group_rule` has been updated to remove support for EC2-Classic
+```
@@ -19,6 +19,41 @@ ifneq ($(origin SWEEPERS), undefined)
 	SWEEPARGS = -sweep-run='$(SWEEPERS)'
 endif
 
+ifeq ($(PKG_NAME), internal/service/ebs)
+	PKG_NAME = internal/service/ec2
+	TEST = ./$(PKG_NAME)/...
+endif
+
+ifeq ($(PKG_NAME), internal/service/ipam)
+	PKG_NAME = internal/service/ec2
+	TEST = ./$(PKG_NAME)/...
+endif
+
+ifeq ($(PKG_NAME), internal/service/transitgateway)
+	PKG_NAME = internal/service/ec2
+	TEST = ./$(PKG_NAME)/...
+endif
+
+ifeq ($(PKG_NAME), internal/service/vpc)
+	PKG_NAME = internal/service/ec2
+	TEST = ./$(PKG_NAME)/...
+endif
+
+ifeq ($(PKG_NAME), internal/service/vpnclient)
+	PKG_NAME = internal/service/ec2
+	TEST = ./$(PKG_NAME)/...
+endif
+
+ifeq ($(PKG_NAME), internal/service/vpnsite)
+	PKG_NAME = internal/service/ec2
+	TEST = ./$(PKG_NAME)/...
+endif
+
+ifeq ($(PKG_NAME), internal/service/wavelength)
+	PKG_NAME = internal/service/ec2
+	TEST = ./$(PKG_NAME)/...
+endif
+
 default: build
 
 build: fmtcheck

@@ -64,6 +64,7 @@ const (
 	errCodeInvalidRouteTableIDNotFound                    = "InvalidRouteTableID.NotFound"
 	errCodeInvalidRouteTableIdNotFound                    = "InvalidRouteTableId.NotFound"
 	errCodeInvalidSecurityGroupIDNotFound                 = "InvalidSecurityGroupID.NotFound"
+	errCodeInvalidSecurityGroupRuleIDNotFound             = "InvalidSecurityGroupRuleId.NotFound"
 	errCodeInvalidServiceName                             = "InvalidServiceName"
 	errCodeInvalidSnapshotInUse                           = "InvalidSnapshot.InUse"
 	errCodeInvalidSnapshotNotFound                        = "InvalidSnapshot.NotFound"

@@ -117,7 +117,7 @@ func resourceDefaultSecurityGroupCreate(d *schema.ResourceData, meta interface{}
 		}
 	}
 
-	if err := forceRevokeSecurityGroupRules(conn, d.Id()); err != nil {
+	if err := forceRevokeSecurityGroupRules(conn, d.Id(), false); err != nil {
 		return err
 	}
 

@@ -12,7 +12,7 @@ import (
 	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
 )
 
-func TestAccVPCDefaultSecurityGroup_VPC_basic(t *testing.T) {
+func TestAccVPCDefaultSecurityGroup_basic(t *testing.T) {
 	var group ec2.SecurityGroup
 	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
 	resourceName := "aws_default_security_group.test"
@@ -66,7 +66,7 @@ func TestAccVPCDefaultSecurityGroup_VPC_basic(t *testing.T) {
 	})
 }
 
-func TestAccVPCDefaultSecurityGroup_VPC_empty(t *testing.T) {
+func TestAccVPCDefaultSecurityGroup_empty(t *testing.T) {
 	var group ec2.SecurityGroup
 	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
 	resourceName := "aws_default_security_group.test"
@@ -97,103 +97,12 @@ func TestAccVPCDefaultSecurityGroup_VPC_empty(t *testing.T) {
 	})
 }
 
-func TestAccVPCDefaultSecurityGroup_Classic_serial(t *testing.T) {
-	testCases := map[string]func(t *testing.T){
-		"basic": testAccVPCDefaultSecurityGroup_Classic_basic,
-		"empty": testAccVPCDefaultSecurityGroup_Classic_empty,
-	}
-
-	for name, tc := range testCases {
-		tc := tc
-		t.Run(name, func(t *testing.T) {
-			tc(t)
-		})
-	}
-}
-
-func testAccVPCDefaultSecurityGroup_Classic_basic(t *testing.T) {
-	var group ec2.SecurityGroup
-	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
-	resourceName := "aws_default_security_group.test"
-
-	resource.Test(t, resource.TestCase{
-		PreCheck:                 func() { acctest.PreCheck(t); acctest.PreCheckEC2Classic(t) },
-		ErrorCheck:               acctest.ErrorCheck(t, ec2.EndpointsID),
-		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
-		CheckDestroy:             acctest.CheckDestroyNoop,
-		Steps: []resource.TestStep{
-			{
-				Config: testAccVPCDefaultSecurityGroupConfig_classic(rName),
-				Check: resource.ComposeTestCheckFunc(
-					testAccCheckSecurityGroupEC2ClassicExists(resourceName, &group),
-					resource.TestCheckResourceAttr(resourceName, "name", "default"),
-					resource.TestCheckResourceAttr(resourceName, "description", "default group"),
-					resource.TestCheckResourceAttr(resourceName, "vpc_id", ""),
-					resource.TestCheckResourceAttr(resourceName, "ingress.#", "1"),
-					resource.TestCheckTypeSetElemNestedAttrs(resourceName, "ingress.*", map[string]string{
-						"protocol":      "tcp",
-						"from_port":     "80",
-						"to_port":       "8000",
-						"cidr_blocks.#": "1",
-						"cidr_blocks.0": "10.0.0.0/8",
-					}),
-					resource.TestCheckResourceAttr(resourceName, "egress.#", "0"),
-					testAccCheckDefaultSecurityGroupARNClassic(resourceName, &group),
-					acctest.CheckResourceAttrAccountID(resourceName, "owner_id"),
-					resource.TestCheckResourceAttr(resourceName, "tags.%", "1"),
-					resource.TestCheckResourceAttr(resourceName, "tags.Name", rName),
-				),
-			},
-			{
-				Config:   testAccVPCDefaultSecurityGroupConfig_classic(rName),
-				PlanOnly: true,
-			},
-			{
-				Config:                  testAccVPCDefaultSecurityGroupConfig_classic(rName),
-				ResourceName:            resourceName,
-				ImportState:             true,
-				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"},
-			},
-		},
-	})
-}
-
-func testAccVPCDefaultSecurityGroup_Classic_empty(t *testing.T) {
-	var group ec2.SecurityGroup
-	resourceName := "aws_default_security_group.test"
-
-	resource.Test(t, resource.TestCase{
-		PreCheck:                 func() { acctest.PreCheck(t); acctest.PreCheckEC2Classic(t) },
-		ErrorCheck:               acctest.ErrorCheck(t, ec2.EndpointsID),
-		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
-		CheckDestroy:             acctest.CheckDestroyNoop,
-		Steps: []resource.TestStep{
-			{
-				Config: testAccVPCDefaultSecurityGroupConfig_classicEmpty(),
-				Check: resource.ComposeTestCheckFunc(
-					testAccCheckSecurityGroupEC2ClassicExists(resourceName, &group),
-					resource.TestCheckResourceAttr(resourceName, "ingress.#", "0"),
-					resource.TestCheckResourceAttr(resourceName, "egress.#", "0"),
-					resource.TestCheckResourceAttr(resourceName, "tags.%", "0"),
-				),
-			},
-		},
-	})
-}
-
 func testAccCheckDefaultSecurityGroupARN(resourceName string, group *ec2.SecurityGroup) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		return acctest.CheckResourceAttrRegionalARN(resourceName, "arn", "ec2", fmt.Sprintf("security-group/%s", aws.StringValue(group.GroupId)))(s)
 	}
 }
 
-func testAccCheckDefaultSecurityGroupARNClassic(resourceName string, group *ec2.SecurityGroup) resource.TestCheckFunc {
-	return func(s *terraform.State) error {
-		return acctest.CheckResourceAttrRegionalARNEC2Classic(resourceName, "arn", "ec2", fmt.Sprintf("security-group/%s", aws.StringValue(group.GroupId)))(s)
-	}
-}
-
 func testAccVPCDefaultSecurityGroupConfig_basic(rName string) string {
 	return fmt.Sprintf(`
 resource "aws_vpc" "test" {
@@ -243,27 +152,3 @@ resource "aws_default_security_group" "test" {
 }
 `, rName)
 }
-
-func testAccVPCDefaultSecurityGroupConfig_classic(rName string) string {
-	return acctest.ConfigCompose(acctest.ConfigEC2ClassicRegionProvider(), fmt.Sprintf(`
-resource "aws_default_security_group" "test" {
-  ingress {
-    protocol    = "6"
-    from_port   = 80
-    to_port     = 8000
-    cidr_blocks = ["10.0.0.0/8"]
-  }
-
-  tags = {
-    Name = %[1]q
-  }
-}
-`, rName))
-}
-
-func testAccVPCDefaultSecurityGroupConfig_classicEmpty() string {
-	return acctest.ConfigCompose(acctest.ConfigEC2ClassicRegionProvider(), `
-resource "aws_default_security_group" "test" {
-  # No attributes set.
-}`)
-}