Setting `create_security_group` to false doesn't work

rpadovani commented 2 years ago

Found a bug? Maybe our Slack Community can help.

Describe the Bug

If you set create_security_group to false, and provide your security groups with associated_security_group_ids, terraform will fail to plan with this error:

│ Error: Null value found in list
│ 
│   with module.ec2_client_vpn[0].aws_ec2_client_vpn_network_association.default[0],
│   on .terraform/modules/ec2_client_vpn/main.tf line 226, in resource "aws_ec2_client_vpn_network_association" "default":
│  226:   security_groups = concat(
│  227:     [module.vpn_security_group.id],
│  228:     local.associated_security_group_ids
│  229:   )
│ 
│ Null values are not allowed for this attribute value.

As soon as I set it to true, it works (with the same security groups!).

I think the problem is that basically the value is a list of [null, my-ids], and aws_ec2_client_vpn_network_association don't like it.:

➜ terraform console
> concat([null], ["my-id"])
[
  null,
  "my-id",
]

Expected Behavior

Being able to set create_security_group to false

Environment (please complete the following information):

Anything that will help us triage the bug will help. Here are some ideas:

OS: Linux
Version: Terraform 1.16, module 0.11.0

zliebersbach commented 2 years ago

Bug confirmed here!

korenyoni commented 2 years ago

Maybe we could try

  security_groups = concat(
    module.vpn_security_group.id != null ? [module.vpn_security_group.id] : [],
    local.associated_security_group_ids
  )
}

for https://github.com/cloudposse/terraform-aws-ec2-client-vpn/blob/3a02e59459114993a696e51d501f3b1987a2a2e1/main.tf#L228-L232

cloudposse / terraform-aws-ec2-client-vpn