feat: If a value is passed for security_group_ids, the module will …

…no longer assign the default security group to the VSI, just the ones passed in the `security_group_ids` list. If `create_security_group` is set to false, then the default security group will be attached.<br>NOTE: If upgrading from a previous version, and passing in a value for `security_group_ids`, the module will do an update in place to remove the default security group from the VSI. (#560)
terraform-ibm-modules · Oct 12, 2023 · 0ccf87f · 0ccf87f
1 parent 3d0b01e
commit 0ccf87f
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/main.tf b/main.tf
@@ -122,8 +122,9 @@ resource "ibm_is_instance" "vsi" {
   primary_network_interface {
     subnet = each.value.subnet_id
     security_groups = flatten([
-      (var.create_security_group ? [ibm_is_security_group.security_group[var.security_group.name].id] : [local.default_security_group_id]),
-      var.security_group_ids
+      (var.create_security_group ? [ibm_is_security_group.security_group[var.security_group.name].id] : []),
+      var.security_group_ids,
+      (var.create_security_group == false && length(var.security_group_ids) == 0 ? [local.default_security_group_id] : []),
     ])
     allow_ip_spoofing = var.allow_ip_spoofing
   }

diff --git a/module-metadata.json b/module-metadata.json
@@ -468,7 +468,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 182
+        "line": 183
       }
     },
     "ibm_is_floating_ip.vsi_fip": {
@@ -485,7 +485,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 174
+        "line": 175
       }
     },
     "ibm_is_instance.vsi": {