Add 'testAccClientVPNEndpoint_vpcSecurityGroups'.

ewbankkit · ewbankkit · commit 5b90500888ad · 2022-02-03T08:04:14.000-05:00
diff --git a/internal/service/ec2/client_vpn_endpoint.go b/internal/service/ec2/client_vpn_endpoint.go
@@ -412,6 +412,8 @@ func resourceClientVPNEndpointUpdate(d *schema.ResourceData, meta interface{}) e
 
 		if d.HasChange("security_group_ids") {
 			input.SecurityGroupIds = flex.ExpandStringSet(d.Get("security_group_ids").(*schema.Set))
+			// "InvalidParameterValue: Security Groups cannot be modified without specifying Vpc Id"
+			input.VpcId = aws.String(d.Get("vpc_id").(string))
 		}
 
 		if d.HasChange("self_service_portal") {
diff --git a/internal/service/ec2/client_vpn_endpoint_test.go b/internal/service/ec2/client_vpn_endpoint_test.go
@@ -46,6 +46,7 @@ func TestAccEC2ClientVPNEndpoint_serial(t *testing.T) {
 			"simpleAttributesUpdate":       testAccClientVPNEndpoint_simpleAttributesUpdate,
 			"selfServicePortal":            testAccClientVPNEndpoint_selfServicePortal,
 			"vpcNoSecurityGroups":          testAccClientVPNEndpoint_vpcNoSecurityGroups,
+			"vpcSecurityGroups":            testAccClientVPNEndpoint_vpcSecurityGroups,
 			"basicDataSource":              testAccClientVPNEndpointDataSource_basic,
 		},
 		"AuthorizationRule": {
@@ -658,6 +659,48 @@ func testAccClientVPNEndpoint_vpcNoSecurityGroups(t *testing.T) {
 	})
 }
 
+func testAccClientVPNEndpoint_vpcSecurityGroups(t *testing.T) {
+	var v ec2.ClientVpnEndpoint
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	resourceName := "aws_ec2_client_vpn_endpoint.test"
+	securityGroup1ResourceName := "aws_security_group.test1"
+	securityGroup2ResourceName := "aws_security_group.test2"
+	vpcResourceName := "aws_vpc.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheckClientVPNSyncronize(t); acctest.PreCheck(t) },
+		ErrorCheck:   acctest.ErrorCheck(t, ec2.EndpointsID),
+		Providers:    acctest.Providers,
+		CheckDestroy: testAccCheckClientVPNEndpointDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccEc2ClientVpnEndpointConfigSecurityGroups(rName, 2),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckClientVPNEndpointExists(resourceName, &v),
+					resource.TestCheckResourceAttr(resourceName, "security_group_ids.#", "2"),
+					resource.TestCheckTypeSetElemAttrPair(resourceName, "security_group_ids.*", securityGroup1ResourceName, "id"),
+					resource.TestCheckTypeSetElemAttrPair(resourceName, "security_group_ids.*", securityGroup2ResourceName, "id"),
+					resource.TestCheckResourceAttrPair(resourceName, "vpc_id", vpcResourceName, "id"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccEc2ClientVpnEndpointConfigSecurityGroups(rName, 1),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckClientVPNEndpointExists(resourceName, &v),
+					resource.TestCheckResourceAttr(resourceName, "security_group_ids.#", "1"),
+					resource.TestCheckTypeSetElemAttrPair(resourceName, "security_group_ids.*", securityGroup1ResourceName, "id"),
+					resource.TestCheckResourceAttrPair(resourceName, "vpc_id", vpcResourceName, "id"),
+				),
+			},
+		},
+	})
+}
+
 func testAccPreCheckClientVPNSyncronize(t *testing.T) {
 	sync.TestAccPreCheckSyncronize(t, testAccEc2ClientVpnEndpointSemaphore, "Client VPN")
 }

Original file line number	Diff line number	Diff line change
`@@ -412,6 +412,8 @@ func resourceClientVPNEndpointUpdate(d *schema.ResourceData, meta interface{}) e`
`412`	`412`
`413`	`413`	`if d.HasChange("security_group_ids") {`
`414`	`414`	`input.SecurityGroupIds = flex.ExpandStringSet(d.Get("security_group_ids").(*schema.Set))`
	`415`	`+ // "InvalidParameterValue: Security Groups cannot be modified without specifying Vpc Id"`
	`416`	`+ input.VpcId = aws.String(d.Get("vpc_id").(string))`
`415`	`417`	`}`
`416`	`418`
`417`	`419`	`if d.HasChange("self_service_portal") {`