cloudposse / terraform-aws-security-group

Terraform module to provision an AWS Security Group
Apache License 2.0

allow_all_egress conflicts with source_security_group_id #75

Open karaluh opened 1 month ago

karaluh commented 1 month ago

Describe the Bug

When setting allow_all_egress to true and using source_security_group_id in the rules list, TF plan fails with

│ Error: Inconsistent conditional result types
│
│   on .terraform\modules\sg\main.tf line 197, in resource "aws_security_group_rule" "keyed":
│  197:   for_each = local.rule_create_before_destroy ? local.keyed_resource_rules : {}
│     ├────────────────
│     │ local.keyed_resource_rules is object with 2 attributes
│
│ The true result value has the wrong type: attribute types must all match for conversion to map.

That's because source_security_group_id in local.allow_egress_rule is set to null instead of [] (https://github.com/cloudposse/terraform-aws-security-group/blob/main/normalize.tf#L73).

Expected Behavior

TF plan finishes without an error when both setting allow_all_egress to true and using source_security_group_id in the rules list.

Steps to Reproduce

TF plan the following code:

module "sg" {
  source  = "cloudposse/security-group/aws"
  version = "2.2.0"

  allow_all_egress = true

  rules = [{
    source_security_group_id = ["nevermind"]

    type      = "ingress"
    protocol  = "tcp"
    from_port = 0
    to_port   = 0
  }]

  vpc_id = "nevermind"
}

Screenshots

No response

Environment

No response

Additional Context

No response