tests/resource/aws_security_group: Remove hardcoded us-east-1 handling (

#16036) Reference: #8316 Reference: #15737 Reference: #15791 Previously in AWS GovCloud (US): ``` === RUN TestAccAWSSecurityGroup_defaultEgressClassic TestAccAWSSecurityGroup_defaultEgressClassic: provider_test.go:184: [{0 error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid. status code: 403, request id: 80bb55a7-5ac8-46b6-8c39-cf4f09bb4cd5 []}] --- FAIL: TestAccAWSSecurityGroup_defaultEgressClassic (0.50s) === RUN TestAccAWSSecurityGroup_ingressWithCidrAndSGsClassic TestAccAWSSecurityGroup_ingressWithCidrAndSGsClassic: provider_test.go:184: [{0 error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid. status code: 403, request id: 9909088a-dd37-40db-8774-2ea613dd1b3d []}] --- FAIL: TestAccAWSSecurityGroup_ingressWithCidrAndSGsClassic (0.50s) ``` Output from acceptance testing in AWS Commercial: ``` --- PASS: TestAccAWSSecurityGroup_defaultEgressClassic (12.50s) --- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGsClassic (14.84s) ``` Output from acceptance testing in AWS GovCloud (US): ``` --- SKIP: TestAccAWSSecurityGroup_defaultEgressClassic (2.90s) --- SKIP: TestAccAWSSecurityGroup_ingressWithCidrAndSGsClassic (2.90s) ```
hashicorp · Nov 11, 2020 · feee86f · feee86f
1 parent 394fa67
commit feee86f
Showing 1 changed file with 98 additions and 29 deletions.
diff --git a/aws/resource_aws_security_group_test.go b/aws/resource_aws_security_group_test.go
@@ -14,6 +14,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/service/ec2"
+	"github.com/hashicorp/aws-sdk-go-base/tfawserr"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -1510,24 +1511,21 @@ func TestAccAWSSecurityGroup_defaultEgressVPC(t *testing.T) {
 func TestAccAWSSecurityGroup_defaultEgressClassic(t *testing.T) {
 	var group ec2.SecurityGroup
 	resourceName := "aws_security_group.test"
+	rName := acctest.RandomWithPrefix("tf-acc-test")
 
-	oldvar := os.Getenv("AWS_DEFAULT_REGION")
-	os.Setenv("AWS_DEFAULT_REGION", "us-east-1")
-	defer os.Setenv("AWS_DEFAULT_REGION", oldvar)
-
-	resource.Test(t, resource.TestCase{
-		PreCheck:      func() { testAccPreCheck(t); testAccEC2ClassicPreCheck(t) },
-		IDRefreshName: resourceName,
-		Providers:     testAccProviders,
-		CheckDestroy:  testAccCheckAWSSecurityGroupDestroy,
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t); testAccEC2ClassicPreCheck(t) },
+		ProviderFactories: testAccProviderFactories,
+		CheckDestroy:      testAccCheckAWSSecurityGroupEc2ClassicDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccAWSSecurityGroupConfigClassic,
+				Config: testAccAWSSecurityGroupConfigClassic(rName),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckAWSSecurityGroupExists(resourceName, &group),
+					testAccCheckAWSSecurityGroupEc2ClassicExists(resourceName, &group),
 				),
 			},
 			{
+				Config:                  testAccAWSSecurityGroupConfigClassic(rName),
 				ResourceName:            resourceName,
 				ImportState:             true,
 				ImportStateVerify:       true,
@@ -1819,21 +1817,17 @@ func TestAccAWSSecurityGroup_ingressWithCidrAndSGsVPC(t *testing.T) {
 func TestAccAWSSecurityGroup_ingressWithCidrAndSGsClassic(t *testing.T) {
 	var group ec2.SecurityGroup
 	resourceName := "aws_security_group.test"
+	rName := acctest.RandomWithPrefix("tf-acc-test")
 
-	oldvar := os.Getenv("AWS_DEFAULT_REGION")
-	os.Setenv("AWS_DEFAULT_REGION", "us-east-1")
-	defer os.Setenv("AWS_DEFAULT_REGION", oldvar)
-
-	resource.Test(t, resource.TestCase{
-		PreCheck:     func() { testAccPreCheck(t); testAccEC2ClassicPreCheck(t) },
-		Providers:    testAccProviders,
-		CheckDestroy: testAccCheckAWSSecurityGroupDestroy,
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t); testAccEC2ClassicPreCheck(t) },
+		ProviderFactories: testAccProviderFactories,
+		CheckDestroy:      testAccCheckAWSSecurityGroupEc2ClassicDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccAWSSecurityGroupConfig_ingressWithCidrAndSGs_classic,
+				Config: testAccAWSSecurityGroupConfig_ingressWithCidrAndSGs_classic(rName),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckAWSSecurityGroupExists(resourceName, &group),
-					testAccCheckAWSSecurityGroupSGandCidrAttributes(&group),
+					testAccCheckAWSSecurityGroupEc2ClassicExists(resourceName, &group),
 					resource.TestCheckResourceAttr(resourceName, "egress.#", "0"),
 					resource.TestCheckResourceAttr(resourceName, "ingress.#", "2"),
 					tfawsresource.TestCheckTypeSetElemNestedAttrs(resourceName, "ingress.*", map[string]string{
@@ -1850,6 +1844,7 @@ func TestAccAWSSecurityGroup_ingressWithCidrAndSGsClassic(t *testing.T) {
 				),
 			},
 			{
+				Config:                  testAccAWSSecurityGroupConfig_ingressWithCidrAndSGs_classic(rName),
 				ResourceName:            resourceName,
 				ImportState:             true,
 				ImportStateVerify:       true,
@@ -2112,6 +2107,38 @@ func testAccCheckAWSSecurityGroupDestroy(s *terraform.State) error {
 	return nil
 }
 
+func testAccCheckAWSSecurityGroupEc2ClassicDestroy(s *terraform.State) error {
+	conn := testAccProviderEc2Classic.Meta().(*AWSClient).ec2conn
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "aws_security_group" {
+			continue
+		}
+
+		input := &ec2.DescribeSecurityGroupsInput{
+			GroupIds: []*string{aws.String(rs.Primary.ID)},
+		}
+
+		output, err := conn.DescribeSecurityGroups(input)
+
+		if tfawserr.ErrCodeEquals(err, "InvalidGroup.NotFound") {
+			continue
+		}
+
+		if err != nil {
+			return fmt.Errorf("error describing EC2 Security Group (%s): %w", rs.Primary.ID, err)
+		}
+
+		for _, sg := range output.SecurityGroups {
+			if aws.StringValue(sg.GroupId) == rs.Primary.ID {
+				return fmt.Errorf("EC2 Security Group (%s) still exists", rs.Primary.ID)
+			}
+		}
+	}
+
+	return nil
+}
+
 func testAccCheckAWSSecurityGroupExists(n string, group *ec2.SecurityGroup) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]
@@ -2141,6 +2168,40 @@ func testAccCheckAWSSecurityGroupExists(n string, group *ec2.SecurityGroup) reso
 	}
 }
 
+func testAccCheckAWSSecurityGroupEc2ClassicExists(n string, group *ec2.SecurityGroup) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No Security Group is set")
+		}
+
+		conn := testAccProviderEc2Classic.Meta().(*AWSClient).ec2conn
+
+		input := &ec2.DescribeSecurityGroupsInput{
+			GroupIds: []*string{aws.String(rs.Primary.ID)},
+		}
+
+		output, err := conn.DescribeSecurityGroups(input)
+
+		if err != nil {
+			return fmt.Errorf("error describing EC2 Security Group (%s): %w", rs.Primary.ID, err)
+		}
+
+		for _, sg := range output.SecurityGroups {
+			if aws.StringValue(sg.GroupId) == rs.Primary.ID {
+				*group = *sg
+				return nil
+			}
+		}
+
+		return fmt.Errorf("EC2 Security Group (%s) not found", rs.Primary.ID)
+	}
+}
+
 func testAccCheckAWSSecurityGroupAttributes(group *ec2.SecurityGroup) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		p := &ec2.IpPermission{
@@ -3309,12 +3370,16 @@ resource "aws_security_group" "test" {
 }
 `
 
-const testAccAWSSecurityGroupConfigClassic = `
+func testAccAWSSecurityGroupConfigClassic(rName string) string {
+	return composeConfig(
+		testAccEc2ClassicRegionProviderConfig(),
+		fmt.Sprintf(`
 resource "aws_security_group" "test" {
-  name        = "terraform_acceptance_test_example_1"
+  name        = %[1]q
   description = "Used in the terraform acceptance tests"
 }
-`
+`, rName))
+}
 
 func testAccAWSSecurityGroupPrefixNameConfig(namePrefix string) string {
 	return fmt.Sprintf(`
@@ -3600,9 +3665,12 @@ resource "aws_security_group" "test" {
 }
 `
 
-const testAccAWSSecurityGroupConfig_ingressWithCidrAndSGs_classic = `
+func testAccAWSSecurityGroupConfig_ingressWithCidrAndSGs_classic(rName string) string {
+	return composeConfig(
+		testAccEc2ClassicRegionProviderConfig(),
+		fmt.Sprintf(`
 resource "aws_security_group" "test2" {
-  name        = "tf_other_acc_tests"
+  name        = "%[1]s-2"
   description = "Used in the terraform acceptance tests"
 
   tags = {
@@ -3611,7 +3679,7 @@ resource "aws_security_group" "test2" {
 }
 
 resource "aws_security_group" "test" {
-  name        = "terraform_acceptance_test_example"
+  name        = %[1]q
   description = "Used in the terraform acceptance tests"
 
   ingress {
@@ -3636,7 +3704,8 @@ resource "aws_security_group" "test" {
     Name = "tf-acc-test"
   }
 }
-`
+`, rName))
+}
 
 // fails to apply in one pass with the error "diffs didn't match during apply"
 // GH-2027