Ignore the VPC configuration for a Lambda function if it is empty

I have a `lambda_function` module, which supports both EC2 classic and VPC. The problem I have, however, is that there is no way to specify a null configuration for `vpc_config`. This pull request changes the behavior so that the following Terraform configuration is //ignored//, instead of failing with an error (the current behavior): ``` resource "aws_lambda_function" "test" { # ... vpc_config { security_group_ids = [] subnet_ids = [] } } ``` See also hashicorp#1187 and hashicorp#1190.
mdlavin · Jan 3, 2018 · 1480140 · 1480140
1 parent ddd2205
commit 1480140
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 1 deletion.
diff --git a/aws/resource_aws_lambda_function.go b/aws/resource_aws_lambda_function.go
@@ -139,6 +139,31 @@ func resourceAwsLambdaFunction() *schema.Resource {
 						},
 					},
 				},
+
+				// Suppress diffs if the VPC configuration is empty.
+				DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
+					if v, ok := d.GetOk("vpc_config"); ok {
+						configs := v.([]interface{})
+						config, ok := configs[0].(map[string]interface{})
+
+						if !ok {
+							return true
+						}
+
+						if config == nil {
+							return true
+						}
+
+						securityGroups := config["security_group_ids"].(*schema.Set)
+						subnets := config["subnet_ids"].(*schema.Set)
+
+						if securityGroups.Len() == 0 && subnets.Len() == 0 {
+							return true
+						}
+					}
+
+					return false
+				},
 			},
 			"arn": {
 				Type:     schema.TypeString,
@@ -277,7 +302,6 @@ func resourceAwsLambdaFunctionCreate(d *schema.ResourceData, meta interface{}) e
 	}
 
 	if v, ok := d.GetOk("vpc_config"); ok {
-
 		configs := v.([]interface{})
 		config, ok := configs[0].(map[string]interface{})
 

diff --git a/aws/resource_aws_lambda_function_test.go b/aws/resource_aws_lambda_function_test.go
@@ -483,6 +483,28 @@ func TestAccAWSLambdaFunction_VPC_withInvocation(t *testing.T) {
 	})
 }
 
+func TestAccAWSLambdaFunction_EmptyVpcConfig(t *testing.T) {
+	var conf lambda.GetFunctionOutput
+
+	rSt := acctest.RandString(5)
+	rName := fmt.Sprintf("tf_test_%s", rSt)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckLambdaFunctionDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSLambdaConfigWithEmptyVpcConfig(rName, rSt),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsLambdaFunctionExists("aws_lambda_function.test", rName, &conf),
+					resource.TestCheckResourceAttr("aws_lambda_function.test", "vpc_config.#", "0"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccAWSLambdaFunction_s3(t *testing.T) {
 	var conf lambda.GetFunctionOutput
 	rSt := acctest.RandString(5)
@@ -1470,6 +1492,22 @@ resource "aws_security_group" "sg_for_lambda_2" {
 `, rName, rName)
 }
 
+func testAccAWSLambdaConfigWithEmptyVpcConfig(rName, rSt string) string {
+	return fmt.Sprintf(baseAccAWSLambdaConfig(rSt)+`
+resource "aws_lambda_function" "test" {
+    filename      = "test-fixtures/lambdatest.zip"
+    function_name = "%s"
+    role          = "${aws_iam_role.iam_for_lambda.arn}"
+    handler       = "exports.example"
+    runtime       = "nodejs4.3"
+
+    vpc_config {
+        subnet_ids         = []
+        security_group_ids = []
+    }
+}`, rName)
+}
+
 func testAccAWSLambdaConfigS3(rName, rSt string) string {
 	return fmt.Sprintf(`
 resource "aws_s3_bucket" "lambda_bucket" {