From fd8d41f6a5fe906fbd3ea2acb32b5334485c76f3 Mon Sep 17 00:00:00 2001
From: Kit Ewbank
Date: Sun, 20 Nov 2016 09:28:11 -0500
Subject: [PATCH] Add note to aws_security_group data source describing the default security group for a VPC. (#10247)

Add a corresponding acceptance test.
---
 .../data_source_aws_security_group_test.go | 32 +++++++++++++++++++
 .../aws/d/security_group.html.markdown | 1 +
 2 files changed, 33 insertions(+)

diff --git a/builtin/providers/aws/data_source_aws_security_group_test.go b/builtin/providers/aws/data_source_aws_security_group_test.go
index 3454e6120f..331f79e991 100644
--- a/builtin/providers/aws/data_source_aws_security_group_test.go
+++ b/builtin/providers/aws/data_source_aws_security_group_test.go
@@ -20,6 +20,7 @@ func TestAccDataSourceAwsSecurityGroup(t *testing.T) {
 testAccDataSourceAwsSecurityGroupCheck("data.aws_security_group.by_tag"),
 testAccDataSourceAwsSecurityGroupCheck("data.aws_security_group.by_filter"),
 testAccDataSourceAwsSecurityGroupCheck("data.aws_security_group.by_name"),
+ testAccDataSourceAwsSecurityGroupCheckDefault("data.aws_security_group.default_by_name"),
 ),
 },
 },
@@ -67,6 +68,31 @@ func testAccDataSourceAwsSecurityGroupCheck(name string) resource.TestCheckFunc
 }
 }
 
+func testAccDataSourceAwsSecurityGroupCheckDefault(name string) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ rs, ok := s.RootModule().Resources[name]
+ if !ok {
+ return fmt.Errorf("root module has no resource called %s", name)
+ }
+
+ vpcRs, ok := s.RootModule().Resources["aws_vpc.test"]
+ if !ok {
+ return fmt.Errorf("can't find aws_vpc.test in state")
+ }
+ attr := rs.Primary.Attributes
+
+ if attr["id"] != vpcRs.Primary.Attributes["default_security_group_id"] {
+ return fmt.Errorf(
+ "id is %s; want %s",
+ attr["id"],
+ vpcRs.Primary.Attributes["default_security_group_id"],
+ )
+ }
+
+ return nil
+ }
+}
+
 const testAccDataSourceAwsSecurityGroupConfig = `
 provider "aws" {
 region = "eu-west-1"
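Review bot: The comparison in testAccDataSourceAwsSecurityGroupCheckDefault can pass vacuously, because both `attr["id"]` and `vpcRs.Primary.Attributes["default_security_group_id"]` are map lookups that yield an empty string when the key is absent, and two empty strings compare equal. Binding the expected value once and rejecting the empty case first closes that gap: `want := vpcRs.Primary.Attributes["default_security_group_id"]` followed by `if want == "" { return fmt.Errorf("aws_vpc.test has no default_security_group_id in state") }`. The same local would also replace the second lookup inside the `fmt.Errorf` call, so the message always prints the value that was actually compared.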
@@ -94,6 +120,12 @@ data "aws_security_group" "by_id" {
 data "aws_security_group" "by_name" {
 name = "${aws_security_group.test.name}"
 }
+
+data "aws_security_group" "default_by_name" {
+ vpc_id = "${aws_vpc.test.id}"
+ name = "default"
+}
+
 data "aws_security_group" "by_tag" {
 tags {
 Name = "${aws_security_group.test.tags["Name"]}"
diff --git a/website/source/docs/providers/aws/d/security_group.html.markdown b/website/source/docs/providers/aws/d/security_group.html.markdown
index 928c4a0095..8a528eb867 100644
--- a/website/source/docs/providers/aws/d/security_group.html.markdown
+++ b/website/source/docs/providers/aws/d/security_group.html.markdown
@@ -67,3 +67,4 @@ any fields that are not included in the configuration with the data for the selected Security Group. Additionally, the `description` attribute is exported.
+~> **Note:** The [default security group for a VPC](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html#DefaultSecurityGroup) has the name `default`.