change inputs back to string from list(string)

README.md

@@ -479,10 +479,10 @@ Available targets:
 | <a name="input_security_group_create_timeout"></a> [security\_group\_create\_timeout](#input\_security\_group\_create\_timeout) | How long to wait for the security group to be created. | `string` | `"10m"` | no |
 | <a name="input_security_group_delete_timeout"></a> [security\_group\_delete\_timeout](#input\_security\_group\_delete\_timeout) | How long to retry on `DependencyViolation` errors during security group deletion from<br>lingering ENIs left by certain AWS services such as Elastic Load Balancing. | `string` | `"15m"` | no |
 | <a name="input_security_group_description"></a> [security\_group\_description](#input\_security\_group\_description) | The description to assign to the created Security Group.<br>Warning: Changing the description causes the security group to be replaced. | `string` | `"Managed by Terraform"` | no |
-| <a name="input_security_group_name"></a> [security\_group\_name](#input\_security\_group\_name) | The name to assign to the security group. Must be unique within the VPC.<br>If not provided, will be derived from the `null-label.context` passed in.<br>If `create_before_destroy` is true, will be used as a name prefix. | `list(string)` | `[]` | no |
+| <a name="input_security_group_name"></a> [security\_group\_name](#input\_security\_group\_name) | The name to assign to the security group. Must be unique within the VPC.<br>If not provided, will be derived from the `null-label.context` passed in.<br>If `create_before_destroy` is true, will be used as a name prefix. | `string` | `null` | no |
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).<br>Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
-| <a name="input_target_security_group_id"></a> [target\_security\_group\_id](#input\_target\_security\_group\_id) | The ID of an existing Security Group to which Security Group rules will be assigned.<br>The Security Group's description will not be changed.<br>Not compatible with `inline_rules_enabled` or `revoke_rules_on_delete`.<br>Required if `create_security_group` is `false`, ignored otherwise. | `list(string)` | `[]` | no |
+| <a name="input_target_security_group_id"></a> [target\_security\_group\_id](#input\_target\_security\_group\_id) | The ID of an existing Security Group to which Security Group rules will be assigned.<br>The Security Group's description will not be changed.<br>Not compatible with `inline_rules_enabled` or `revoke_rules_on_delete`.<br>Required if `create_security_group` is `false`, ignored otherwise. | `string` | `null` | no |
 | <a name="input_tenant"></a> [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The ID of the VPC where the Security Group will be created. | `string` | n/a | yes |
 

docs/terraform.md

@@ -55,10 +55,10 @@
 | <a name="input_security_group_create_timeout"></a> [security\_group\_create\_timeout](#input\_security\_group\_create\_timeout) | How long to wait for the security group to be created. | `string` | `"10m"` | no |
 | <a name="input_security_group_delete_timeout"></a> [security\_group\_delete\_timeout](#input\_security\_group\_delete\_timeout) | How long to retry on `DependencyViolation` errors during security group deletion from<br>lingering ENIs left by certain AWS services such as Elastic Load Balancing. | `string` | `"15m"` | no |
 | <a name="input_security_group_description"></a> [security\_group\_description](#input\_security\_group\_description) | The description to assign to the created Security Group.<br>Warning: Changing the description causes the security group to be replaced. | `string` | `"Managed by Terraform"` | no |
-| <a name="input_security_group_name"></a> [security\_group\_name](#input\_security\_group\_name) | The name to assign to the security group. Must be unique within the VPC.<br>If not provided, will be derived from the `null-label.context` passed in.<br>If `create_before_destroy` is true, will be used as a name prefix. | `list(string)` | `[]` | no |
+| <a name="input_security_group_name"></a> [security\_group\_name](#input\_security\_group\_name) | The name to assign to the security group. Must be unique within the VPC.<br>If not provided, will be derived from the `null-label.context` passed in.<br>If `create_before_destroy` is true, will be used as a name prefix. | `string` | `null` | no |
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).<br>Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
-| <a name="input_target_security_group_id"></a> [target\_security\_group\_id](#input\_target\_security\_group\_id) | The ID of an existing Security Group to which Security Group rules will be assigned.<br>The Security Group's description will not be changed.<br>Not compatible with `inline_rules_enabled` or `revoke_rules_on_delete`.<br>Required if `create_security_group` is `false`, ignored otherwise. | `list(string)` | `[]` | no |
+| <a name="input_target_security_group_id"></a> [target\_security\_group\_id](#input\_target\_security\_group\_id) | The ID of an existing Security Group to which Security Group rules will be assigned.<br>The Security Group's description will not be changed.<br>Not compatible with `inline_rules_enabled` or `revoke_rules_on_delete`.<br>Required if `create_security_group` is `false`, ignored otherwise. | `string` | `null` | no |
 | <a name="input_tenant"></a> [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The ID of the VPC where the Security Group will be created. | `string` | n/a | yes |
 

examples/complete/main.tf

@@ -115,7 +115,7 @@ module "new_security_group" {
   security_group_create_timeout = "5m"
   security_group_delete_timeout = "2m"
 
-  security_group_name = [format("%s-%s", module.this.id, "new")]
+  security_group_name = format("%s-%s", module.this.id, "new")
 
   context = module.this.context
 }
@@ -134,10 +134,10 @@ module "target_security_group" {
 
   allow_all_egress = true
   # create_security_group    = false
-  target_security_group_id = [aws_security_group.target.id]
+  target_security_group_id = aws_security_group.target.id
   rules                    = var.rules
 
-  security_group_name = [aws_security_group.target.name_prefix]
+  security_group_name = aws_security_group.target.name_prefix
   vpc_id              = module.vpc.vpc_id
 
   context = module.this.context
@@ -149,7 +149,7 @@ module "disabled_security_group" {
   source = "../.."
 
   vpc_id                   = module.vpc.vpc_id
-  target_security_group_id = [aws_security_group.target.id]
+  target_security_group_id = aws_security_group.target.id
   rules                    = var.rules
 
   context = module.this.context

exports/security_group_inputs.tf

@@ -83,8 +83,8 @@ variable "allowed_ipv6_prefix_list_ids" {
 ## End of optional allowed_* ###########
 
 variable "security_group_name" {
-  type        = list(string)
-  default     = []
+  type        = string
+  default     = null
   description = <<-EOT
     The name to assign to the created security group. Must be unique within the VPC.
     If not provided, will be derived from the `null-label.context` passed in.

main.tf

@@ -6,15 +6,15 @@ locals {
 
   default_rule_description = "Managed by Terraform"
 
-  create_security_group = local.enabled && length(var.target_security_group_id) == 0
+  create_security_group = local.enabled && length(var.target_security_group_id[*]) == 0
 
   created_security_group = local.create_security_group ? (
     var.create_before_destroy ? aws_security_group.cbd[0] : aws_security_group.default[0]
   ) : null
 
   security_group_id = local.enabled ? (
     # Use coalesce() here to hack an error message into the output
-    local.create_security_group ? local.created_security_group.id : coalesce(var.target_security_group_id[0],
+    local.create_security_group ? local.created_security_group.id : coalesce(var.target_security_group_id,
     "var.target_security_group_id contains null value. Omit value if you want this module to create a security group.")
   ) : null
 }
@@ -25,15 +25,15 @@ resource "aws_security_group" "default" {
   # Because we have 2 almost identical alternatives, use x == false and x == true rather than x and !x
   count = local.create_security_group && var.create_before_destroy == false ? 1 : 0
 
-  name = concat(var.security_group_name, [module.this.id])[0]
+  name = concat(var.security_group_name[*], [module.this.id])[0]
 
   ########################################################################
   ## Everything from here to the end of this resource should be identical
   ## (copy and paste) in aws_security_group.default and aws_security_group.cbd
 
   description = var.security_group_description
   vpc_id      = var.vpc_id
-  tags        = merge(module.this.tags, try(length(var.security_group_name[0]), 0) > 0 ? { Name = var.security_group_name[0] } : {})
+  tags        = merge(module.this.tags, try(length(var.security_group_name[*]), 0) > 0 ? { Name = var.security_group_name } : {})
 
   revoke_rules_on_delete = var.revoke_rules_on_delete
 
@@ -82,7 +82,7 @@ resource "aws_security_group" "cbd" {
   # Because we have 2 almost identical alternatives, use x == false and x == true rather than x and !x
   count = local.create_security_group && var.create_before_destroy == true ? 1 : 0
 
-  name_prefix = concat(var.security_group_name, ["${module.this.id}${module.this.delimiter}"])[0]
+  name_prefix = concat(var.security_group_name[*], ["${module.this.id}${module.this.delimiter}"])[0]
   lifecycle {
     create_before_destroy = true
   }
@@ -93,7 +93,7 @@ resource "aws_security_group" "cbd" {
 
   description = var.security_group_description
   vpc_id      = var.vpc_id
-  tags        = merge(module.this.tags, try(length(var.security_group_name[0]), 0) > 0 ? { Name = var.security_group_name[0] } : {})
+  tags        = merge(module.this.tags, try(length(var.security_group_name[*]), 0) > 0 ? { Name = var.security_group_name } : {})
 
   revoke_rules_on_delete = var.revoke_rules_on_delete
 

variables.tf

@@ -1,30 +1,22 @@
 variable "target_security_group_id" {
-  type        = list(string)
-  default     = []
+  type        = string
+  default     = null
   description = <<-EOT
     The ID of an existing Security Group to which Security Group rules will be assigned.
     The Security Group's description will not be changed.
     Not compatible with `inline_rules_enabled` or `revoke_rules_on_delete`.
     Required if `create_security_group` is `false`, ignored otherwise.
     EOT
-  validation {
-    condition     = length(var.target_security_group_id) < 2
-    error_message = "Only 1 security group can be targeted."
-  }
 }
 
 variable "security_group_name" {
-  type        = list(string)
-  default     = []
+  type        = string
+  default     = null
   description = <<-EOT
     The name to assign to the security group. Must be unique within the VPC.
     If not provided, will be derived from the `null-label.context` passed in.
     If `create_before_destroy` is true, will be used as a name prefix.
     EOT
-  validation {
-    condition     = length(var.security_group_name) < 2
-    error_message = "Only 1 security group name can be provided."
-  }
 }