Paul Hinze 473b03ccae providers/aws: fix source_dest_check on instance creation
The `SourceDestCheck` attribute can only be changed via
`ModifyInstance`, so the AWS instance resource's `Create` function calls
out to `Update` before it returns to take care of applying
`source_dest_check` properly.

The `Update` function originally guarded against unnecessary API calls
with `GetOk`, which worked fine until #993 when we changed the `GetOk`
semantics to no longer distinguish between "configured and zero-value"
and "not configured".

I attempted in #1003 to fix this by switching to `HasChange` for the
guard, but this does not work in the `Create` case.

I played around with a few different ideas, none of which worked:

(a) Setting `Default: true` on `source_dest_check' has no effect

(b) Setting `Computed: true` on `source_dest_check' and adding a `d.Set`
    call in the `Read` function (which will initially set the value to `true`
    after instance creation). I really thought I could get this to work,
    but it results in the following:

d.Get('source_dest_check')       // true
d.HasChange('source_dest_check') // false
d.GetChange('source_dest_check') // old: false, new: false

I couldn't figure out a way of coherently dealing with that result, so I
ended up throwing up my hands and giving up on the guard altogether.
We'll call `ModifyInstance` more than we have to, but this at least
yields expected behavior for both Creates and Updates.

Fixes #1020
2015-02-21 14:26:46 -06:00

511 lines
12 KiB

package aws
import (
func TestAccAWSInstance_normal(t *testing.T) {
var v ec2.Instance
testCheck := func(*terraform.State) error {
if v.AvailZone != "us-west-2a" {
return fmt.Errorf("bad availability zone: %#v", v.AvailZone)
if len(v.SecurityGroups) == 0 {
return fmt.Errorf("no security groups: %#v", v.SecurityGroups)
if v.SecurityGroups[0].Name != "tf_test_foo" {
return fmt.Errorf("no security groups: %#v", v.SecurityGroups)
return nil
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfig,
Check: resource.ComposeTestCheckFunc(
"", &v),
// We repeat the exact same test so that we can be sure
// that the user data hash stuff is working without generating
// an incorrect diff.
Config: testAccInstanceConfig,
Check: resource.ComposeTestCheckFunc(
"", &v),
func TestAccAWSInstance_blockDevices(t *testing.T) {
var v ec2.Instance
testCheck := func() resource.TestCheckFunc {
return func(*terraform.State) error {
// Map out the block devices by name, which should be unique.
blockDevices := make(map[string]ec2.BlockDevice)
for _, blockDevice := range v.BlockDevices {
blockDevices[blockDevice.DeviceName] = blockDevice
// Check if the root block device exists.
if _, ok := blockDevices["/dev/sda1"]; !ok {
fmt.Errorf("block device doesn't exist: /dev/sda1")
// Check if the secondary block device exists.
if _, ok := blockDevices["/dev/sdb"]; !ok {
fmt.Errorf("block device doesn't exist: /dev/sdb")
return nil
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfigBlockDevices,
Check: resource.ComposeTestCheckFunc(
"", &v),
"", "root_block_device.#", "1"),
"", "root_block_device.0.device_name", "/dev/sda1"),
"", "root_block_device.0.volume_size", "11"),
// this one is important because it's the only root_block_device
// attribute that comes back from the API. so checking it verifies
// that we set state properly
"", "root_block_device.0.volume_type", "gp2"),
"", "block_device.#", "1"),
"", "block_device.172787947.device_name", "/dev/sdb"),
"", "block_device.172787947.volume_size", "9"),
func TestAccAWSInstance_sourceDestCheck(t *testing.T) {
var v ec2.Instance
testCheck := func(enabled bool) resource.TestCheckFunc {
return func(*terraform.State) error {
if v.SourceDestCheck != enabled {
return fmt.Errorf("bad source_dest_check: %#v", v.SourceDestCheck)
return nil
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfigSourceDestDisable,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("", &v),
Config: testAccInstanceConfigSourceDestEnable,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("", &v),
Config: testAccInstanceConfigSourceDestDisable,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("", &v),
func TestAccAWSInstance_vpc(t *testing.T) {
var v ec2.Instance
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfigVPC,
Check: resource.ComposeTestCheckFunc(
"", &v),
func TestAccInstance_tags(t *testing.T) {
var v ec2.Instance
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccCheckInstanceConfigTags,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("", &v),
testAccCheckTags(&v.Tags, "foo", "bar"),
// Guard against regression of
testAccCheckTags(&v.Tags, "#", ""),
Config: testAccCheckInstanceConfigTagsUpdate,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("", &v),
testAccCheckTags(&v.Tags, "foo", ""),
testAccCheckTags(&v.Tags, "bar", "baz"),
func TestAccInstance_privateIP(t *testing.T) {
var v ec2.Instance
testCheckPrivateIP := func() resource.TestCheckFunc {
return func(*terraform.State) error {
if v.PrivateIpAddress != "" {
return fmt.Errorf("bad private IP: %s", v.PrivateIpAddress)
return nil
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfigPrivateIP,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("", &v),
func TestAccInstance_associatePublicIPAndPrivateIP(t *testing.T) {
var v ec2.Instance
testCheckPrivateIP := func() resource.TestCheckFunc {
return func(*terraform.State) error {
if v.PrivateIpAddress != "" {
return fmt.Errorf("bad private IP: %s", v.PrivateIpAddress)
return nil
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckInstanceDestroy,
Steps: []resource.TestStep{
Config: testAccInstanceConfigAssociatePublicIPAndPrivateIP,
Check: resource.ComposeTestCheckFunc(
testAccCheckInstanceExists("", &v),
func testAccCheckInstanceDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).ec2conn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_instance" {
// Try to find the resource
resp, err := conn.Instances(
[]string{rs.Primary.ID}, ec2.NewFilter())
if err == nil {
if len(resp.Reservations) > 0 {
return fmt.Errorf("still exist.")
return nil
// Verify the error is what we want
ec2err, ok := err.(*ec2.Error)
if !ok {
return err
if ec2err.Code != "InvalidInstanceID.NotFound" {
return err
return nil
func testAccCheckInstanceExists(n string, i *ec2.Instance) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
return fmt.Errorf("Not found: %s", n)
if rs.Primary.ID == "" {
return fmt.Errorf("No ID is set")
conn := testAccProvider.Meta().(*AWSClient).ec2conn
resp, err := conn.Instances(
[]string{rs.Primary.ID}, ec2.NewFilter())
if err != nil {
return err
if len(resp.Reservations) == 0 {
return fmt.Errorf("Instance not found")
*i = resp.Reservations[0].Instances[0]
return nil
func TestInstanceTenancySchema(t *testing.T) {
actualSchema := resourceAwsInstance().Schema["tenancy"]
expectedSchema := &schema.Schema{
Type: schema.TypeString,
Optional: true,
Computed: true,
ForceNew: true,
if !reflect.DeepEqual(actualSchema, expectedSchema) {
const testAccInstanceConfig = `
resource "aws_security_group" "tf_test_foo" {
name = "tf_test_foo"
description = "foo"
ingress {
protocol = "icmp"
from_port = -1
to_port = -1
cidr_blocks = [""]
resource "aws_instance" "foo" {
# us-west-2
ami = "ami-4fccb37f"
availability_zone = "us-west-2a"
instance_type = "m1.small"
security_groups = ["${}"]
user_data = "foo"
const testAccInstanceConfigBlockDevices = `
resource "aws_instance" "foo" {
# us-west-2
ami = "ami-55a7ea65"
instance_type = "m1.small"
root_block_device {
device_name = "/dev/sda1"
volume_type = "gp2"
volume_size = 11
block_device {
device_name = "/dev/sdb"
volume_size = 9
const testAccInstanceConfigSourceDestEnable = `
resource "aws_vpc" "foo" {
cidr_block = ""
resource "aws_subnet" "foo" {
cidr_block = ""
vpc_id = "${}"
resource "aws_instance" "foo" {
# us-west-2
ami = "ami-4fccb37f"
instance_type = "m1.small"
subnet_id = "${}"
source_dest_check = true
const testAccInstanceConfigSourceDestDisable = `
resource "aws_vpc" "foo" {
cidr_block = ""
resource "aws_subnet" "foo" {
cidr_block = ""
vpc_id = "${}"
resource "aws_instance" "foo" {
# us-west-2
ami = "ami-4fccb37f"
instance_type = "m1.small"
subnet_id = "${}"
source_dest_check = false
const testAccInstanceConfigVPC = `
resource "aws_vpc" "foo" {
cidr_block = ""
resource "aws_subnet" "foo" {
cidr_block = ""
vpc_id = "${}"
resource "aws_instance" "foo" {
# us-west-2
ami = "ami-4fccb37f"
instance_type = "m1.small"
subnet_id = "${}"
associate_public_ip_address = true
tenancy = "dedicated"
const testAccCheckInstanceConfigTags = `
resource "aws_instance" "foo" {
ami = "ami-4fccb37f"
instance_type = "m1.small"
tags {
foo = "bar"
const testAccCheckInstanceConfigTagsUpdate = `
resource "aws_instance" "foo" {
ami = "ami-4fccb37f"
instance_type = "m1.small"
tags {
bar = "baz"
const testAccInstanceConfigPrivateIP = `
resource "aws_vpc" "foo" {
cidr_block = ""
resource "aws_subnet" "foo" {
cidr_block = ""
vpc_id = "${}"
resource "aws_instance" "foo" {
ami = "ami-c5eabbf5"
instance_type = "t2.micro"
subnet_id = "${}"
private_ip = ""
const testAccInstanceConfigAssociatePublicIPAndPrivateIP = `
resource "aws_vpc" "foo" {
cidr_block = ""
resource "aws_subnet" "foo" {
cidr_block = ""
vpc_id = "${}"
resource "aws_instance" "foo" {
ami = "ami-c5eabbf5"
instance_type = "t2.micro"
subnet_id = "${}"
associate_public_ip_address = true
private_ip = ""