Set security_group_names in aws_elasticache_replication_group on read

Closes #32835
hashicorp · Oct 4, 2024 · 2b40700 · 2b40700
1 parent 943284e
commit 2b40700
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 0 deletions.
diff --git a/.changelog/39591.txt b/.changelog/39591.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_elasticache_replication_group: Fix security_group_names causing resource replacement after import
+```
diff --git a/internal/service/elasticache/flex.go b/internal/service/elasticache/flex.go
@@ -10,6 +10,12 @@ import (
 	"github.com/hashicorp/terraform-provider-aws/names"
 )
 
+func flattenSecurityGroupNames(apiObjects []awstypes.CacheSecurityGroupMembership) []string {
+	return tfslices.ApplyToAll(apiObjects, func(v awstypes.CacheSecurityGroupMembership) string {
+		return aws.ToString(v.CacheSecurityGroupName)
+	})
+}
+
 func flattenSecurityGroupIDs(apiObjects []awstypes.SecurityGroupMembership) []string {
 	return tfslices.ApplyToAll(apiObjects, func(v awstypes.SecurityGroupMembership) string {
 		return aws.ToString(v.SecurityGroupId)

diff --git a/internal/service/elasticache/replication_group.go b/internal/service/elasticache/replication_group.go
@@ -754,6 +754,16 @@ func resourceReplicationGroupRead(ctx context.Context, d *schema.ResourceData, m
 			return sdkdiag.AppendErrorf(diags, "reading ElastiCache Replication Group (%s): reading Cache Cluster (%s): %s", d.Id(), aws.ToString(cacheCluster.CacheClusterId), err)
 		}
 
+		// `aws_elasticache_cluster` resource doesn't define `security_group_names`, but `aws_elasticache_replication_group` does.
+		// The value for that comes from []CacheSecurityGroupMembership which is part of CacheCluster object in AWS API.
+		// We need to set it here, as it is not set in setFromCacheCluster, and we cannot add it to that function
+		// without adding `security_group_names` property to `aws_elasticache_cluster` resource.
+		// This fixes the issue when importing `aws_elasticache_replication_group` where Terraform decides to recreate the imported cluster,
+		// because of `security_group_names` is not set and is "(known after apply)"
+		if err := d.Set("security_group_names", flattenSecurityGroupNames(c.CacheSecurityGroups)); err != nil {
+			return sdkdiag.AppendErrorf(diags, "reading ElastiCache Replication Group (%s): reading Cache Cluster (%s): %s", d.Id(), aws.ToString(cacheCluster.CacheClusterId), err)
+		}
+
 		d.Set("at_rest_encryption_enabled", c.AtRestEncryptionEnabled)
 		d.Set("transit_encryption_enabled", c.TransitEncryptionEnabled)
 		d.Set("transit_encryption_mode", c.TransitEncryptionMode)