Merge pull request hashicorp#37357 from hashicorp/t-security-group-id…

…s-const-over-literals

security_group_ids: Prefer const over literal

.ci/.semgrep.yml

@@ -785,6 +785,16 @@ rules:
       - pattern: '"state"'
     severity: ERROR
     fix: "names.AttrState"
+  - id: literal-security_group_ids-string-constant
+    languages: [go]
+    message: Use the constant `names.AttrSecurityGroupIDs` for the string literal `security_group_ids`
+    paths:
+      include:
+        - "internal/service/**/*.go"
+    patterns:
+      - pattern: '"security_group_ids"'
+    severity: ERROR
+    fix: "names.AttrSecurityGroupIDs"
   - id: literal-status-string-constant
     languages: [go]
     message: Use the constant `names.AttrStatus` for the string literal `status`

internal/service/amp/scraper.go

@@ -150,7 +150,7 @@ func (r *scraperResource) Schema(ctx context.Context, req resource.SchemaRequest
 											stringplanmodifier.RequiresReplace(),
 										},
 									},
-									"security_group_ids": schema.SetAttribute{
+									names.AttrSecurityGroupIDs: schema.SetAttribute{
 										CustomType:  fwtypes.SetOfStringType,
 										ElementType: types.StringType,
 										Optional:    true,

internal/service/apigatewayv2/vpc_link.go

@@ -51,7 +51,7 @@ func resourceVPCLink() *schema.Resource {
 				Required:     true,
 				ValidateFunc: validation.StringLenBetween(1, 128),
 			},
-			"security_group_ids": {
+			names.AttrSecurityGroupIDs: {
 				Type:     schema.TypeSet,
 				Required: true,
 				ForceNew: true,
@@ -78,7 +78,7 @@ func resourceVPCLinkCreate(ctx context.Context, d *schema.ResourceData, meta int
 	name := d.Get(names.AttrName).(string)
 	input := &apigatewayv2.CreateVpcLinkInput{
 		Name:             aws.String(name),
-		SecurityGroupIds: flex.ExpandStringValueSet(d.Get("security_group_ids").(*schema.Set)),
+		SecurityGroupIds: flex.ExpandStringValueSet(d.Get(names.AttrSecurityGroupIDs).(*schema.Set)),
 		SubnetIds:        flex.ExpandStringValueSet(d.Get(names.AttrSubnetIDs).(*schema.Set)),
 		Tags:             getTagsIn(ctx),
 	}
@@ -116,7 +116,7 @@ func resourceVPCLinkRead(ctx context.Context, d *schema.ResourceData, meta inter
 
 	d.Set(names.AttrARN, vpcLinkARN(meta.(*conns.AWSClient), d.Id()))
 	d.Set(names.AttrName, output.Name)
-	d.Set("security_group_ids", output.SecurityGroupIds)
+	d.Set(names.AttrSecurityGroupIDs, output.SecurityGroupIds)
 	d.Set(names.AttrSubnetIDs, output.SubnetIds)
 
 	setTagsOut(ctx, output.Tags)

internal/service/apigatewayv2/vpc_link_data_source.go

@@ -29,7 +29,7 @@ func dataSourceVPCLink() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
-			"security_group_ids": {
+			names.AttrSecurityGroupIDs: {
 				Type:     schema.TypeSet,
 				Computed: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
@@ -62,7 +62,7 @@ func dataSourceVPCLinkRead(ctx context.Context, d *schema.ResourceData, meta int
 	d.SetId(vpcLinkID)
 	d.Set(names.AttrARN, vpcLinkARN(meta.(*conns.AWSClient), d.Id()))
 	d.Set(names.AttrName, output.Name)
-	d.Set("security_group_ids", output.SecurityGroupIds)
+	d.Set(names.AttrSecurityGroupIDs, output.SecurityGroupIds)
 	d.Set(names.AttrSubnetIDs, output.SubnetIds)
 
 	setTagsOut(ctx, output.Tags)

internal/service/appstream/fleet.go

@@ -197,7 +197,7 @@ func ResourceFleet() *schema.Resource {
 				Computed: true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
-						"security_group_ids": {
+						names.AttrSecurityGroupIDs: {
 							Type:     schema.TypeList,
 							Optional: true,
 							Computed: true,
@@ -679,7 +679,7 @@ func expandVPCConfig(tfList []interface{}) *appstream.VpcConfig {
 	apiObject := &appstream.VpcConfig{}
 
 	tfMap := tfList[0].(map[string]interface{})
-	if v, ok := tfMap["security_group_ids"]; ok {
+	if v, ok := tfMap[names.AttrSecurityGroupIDs]; ok {
 		apiObject.SecurityGroupIds = flex.ExpandStringList(v.([]interface{}))
 	}
 
@@ -702,7 +702,7 @@ func flattenVPCConfig(apiObject *appstream.VpcConfig) map[string]interface{} {
 	tfMap := map[string]interface{}{}
 
 	if v := apiObject.SecurityGroupIds; v != nil {
-		tfMap["security_group_ids"] = aws.StringValueSlice(v)
+		tfMap[names.AttrSecurityGroupIDs] = aws.StringValueSlice(v)
 	}
 
 	if v := apiObject.SubnetIds; v != nil {

internal/service/appstream/image_builder.go

@@ -158,7 +158,7 @@ func ResourceImageBuilder() *schema.Resource {
 				ForceNew: true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
-						"security_group_ids": {
+						names.AttrSecurityGroupIDs: {
 							Type:     schema.TypeSet,
 							Optional: true,
 							Computed: true,
@@ -341,7 +341,7 @@ func expandImageBuilderVPCConfig(tfList []interface{}) *appstream.VpcConfig {
 
 	apiObject := &appstream.VpcConfig{}
 
-	if v, ok := tfMap["security_group_ids"].(*schema.Set); ok && v.Len() > 0 {
+	if v, ok := tfMap[names.AttrSecurityGroupIDs].(*schema.Set); ok && v.Len() > 0 {
 		apiObject.SecurityGroupIds = flex.ExpandStringSet(v)
 	}
 	if v, ok := tfMap[names.AttrSubnetIDs].(*schema.Set); ok && v.Len() > 0 {

internal/service/batch/compute_environment.go

@@ -172,7 +172,7 @@ func ResourceComputeEnvironment() *schema.Resource {
 							Optional: true,
 							ForceNew: true,
 						},
-						"security_group_ids": {
+						names.AttrSecurityGroupIDs: {
 							Type:     schema.TypeSet,
 							Optional: true,
 							Elem:     &schema.Schema{Type: schema.TypeString},
@@ -938,7 +938,7 @@ func expandComputeResource(ctx context.Context, tfMap map[string]interface{}) *b
 		apiObject.PlacementGroup = aws.String(v)
 	}
 
-	if v, ok := tfMap["security_group_ids"].(*schema.Set); ok && v.Len() > 0 {
+	if v, ok := tfMap[names.AttrSecurityGroupIDs].(*schema.Set); ok && v.Len() > 0 {
 		apiObject.SecurityGroupIds = flex.ExpandStringSet(v)
 	}
 
@@ -1159,7 +1159,7 @@ func flattenComputeResource(ctx context.Context, apiObject *batch.ComputeResourc
 	}
 
 	if v := apiObject.SecurityGroupIds; v != nil {
-		tfMap["security_group_ids"] = aws.StringValueSlice(v)
+		tfMap[names.AttrSecurityGroupIDs] = aws.StringValueSlice(v)
 	}
 
 	if v := apiObject.SpotIamFleetRole; v != nil {

internal/service/bedrock/custom_model.go

@@ -256,7 +256,7 @@ func (r *customModelResource) Schema(ctx context.Context, request resource.Schem
 				},
 				NestedObject: schema.NestedBlockObject{
 					Attributes: map[string]schema.Attribute{
-						"security_group_ids": schema.SetAttribute{
+						names.AttrSecurityGroupIDs: schema.SetAttribute{
 							CustomType:  fwtypes.SetOfStringType,
 							Required:    true,
 							ElementType: types.StringType,

internal/service/codebuild/project.go

@@ -676,7 +676,7 @@ func resourceProject() *schema.Resource {
 							Elem:     &schema.Schema{Type: schema.TypeString},
 							MaxItems: 16,
 						},
-						"security_group_ids": {
+						names.AttrSecurityGroupIDs: {
 							Type:     schema.TypeSet,
 							Required: true,
 							Elem:     &schema.Schema{Type: schema.TypeString},
@@ -1509,7 +1509,7 @@ func expandVPCConfig(tfMap map[string]interface{}) *types.VpcConfig {
 	}
 
 	apiObject := &types.VpcConfig{
-		SecurityGroupIds: flex.ExpandStringValueSet(tfMap["security_group_ids"].(*schema.Set)),
+		SecurityGroupIds: flex.ExpandStringValueSet(tfMap[names.AttrSecurityGroupIDs].(*schema.Set)),
 		Subnets:          flex.ExpandStringValueSet(tfMap["subnets"].(*schema.Set)),
 		VpcId:            aws.String(tfMap[names.AttrVPCID].(string)),
 	}
@@ -1914,7 +1914,7 @@ func flattenVPCConfig(apiObject *types.VpcConfig) []interface{} {
 
 	tfMap[names.AttrVPCID] = aws.ToString(apiObject.VpcId)
 	tfMap["subnets"] = apiObject.Subnets
-	tfMap["security_group_ids"] = apiObject.SecurityGroupIds
+	tfMap[names.AttrSecurityGroupIDs] = apiObject.SecurityGroupIds
 
 	return []interface{}{tfMap}
 }

internal/service/codestarconnections/host.go

@@ -71,7 +71,7 @@ func resourceHost() *schema.Resource {
 				MaxItems: 1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
-						"security_group_ids": {
+						names.AttrSecurityGroupIDs: {
 							Type:     schema.TypeSet,
 							Required: true,
 							MinItems: 1,
@@ -206,7 +206,7 @@ func expandHostVPCConfiguration(l []interface{}) *types.VpcConfiguration {
 	m := l[0].(map[string]interface{})
 
 	vc := &types.VpcConfiguration{
-		SecurityGroupIds: flex.ExpandStringValueSet(m["security_group_ids"].(*schema.Set)),
+		SecurityGroupIds: flex.ExpandStringValueSet(m[names.AttrSecurityGroupIDs].(*schema.Set)),
 		SubnetIds:        flex.ExpandStringValueSet(m[names.AttrSubnetIDs].(*schema.Set)),
 		VpcId:            aws.String(m[names.AttrVPCID].(string)),
 	}
@@ -224,9 +224,9 @@ func flattenHostVPCConfiguration(vpcConfig *types.VpcConfiguration) []interface{
 	}
 
 	m := map[string]interface{}{
-		"security_group_ids": vpcConfig.SecurityGroupIds,
-		names.AttrSubnetIDs:  vpcConfig.SubnetIds,
-		names.AttrVPCID:      aws.ToString(vpcConfig.VpcId),
+		names.AttrSecurityGroupIDs: vpcConfig.SecurityGroupIds,
+		names.AttrSubnetIDs:        vpcConfig.SubnetIds,
+		names.AttrVPCID:            aws.ToString(vpcConfig.VpcId),
 	}
 
 	if vpcConfig.TlsCertificate != nil {

internal/service/comprehend/common_model.go

@@ -16,6 +16,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-provider-aws/internal/flex"
 	tfec2 "github.com/hashicorp/terraform-provider-aws/internal/service/ec2"
+	"github.com/hashicorp/terraform-provider-aws/names"
 )
 
 type safeMutex struct {
@@ -110,8 +111,8 @@ func flattenVPCConfig(apiObject *types.VpcConfig) []interface{} {
 	}
 
 	m := map[string]interface{}{
-		"security_group_ids": flex.FlattenStringValueSet(apiObject.SecurityGroupIds),
-		"subnets":            flex.FlattenStringValueSet(apiObject.Subnets),
+		names.AttrSecurityGroupIDs: flex.FlattenStringValueSet(apiObject.SecurityGroupIds),
+		"subnets":                  flex.FlattenStringValueSet(apiObject.Subnets),
 	}
 
 	return []interface{}{m}
@@ -125,7 +126,7 @@ func expandVPCConfig(tfList []interface{}) *types.VpcConfig {
 	tfMap := tfList[0].(map[string]interface{})
 
 	a := &types.VpcConfig{
-		SecurityGroupIds: flex.ExpandStringValueSet(tfMap["security_group_ids"].(*schema.Set)),
+		SecurityGroupIds: flex.ExpandStringValueSet(tfMap[names.AttrSecurityGroupIDs].(*schema.Set)),
 		Subnets:          flex.ExpandStringValueSet(tfMap["subnets"].(*schema.Set)),
 	}
 

internal/service/comprehend/document_classifier.go

@@ -219,7 +219,7 @@ func ResourceDocumentClassifier() *schema.Resource {
 				MaxItems: 1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
-						"security_group_ids": {
+						names.AttrSecurityGroupIDs: {
 							Type:     schema.TypeSet,
 							Required: true,
 							Elem:     &schema.Schema{Type: schema.TypeString},

internal/service/comprehend/entity_recognizer.go

@@ -240,7 +240,7 @@ func ResourceEntityRecognizer() *schema.Resource {
 				MaxItems: 1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
-						"security_group_ids": {
+						names.AttrSecurityGroupIDs: {
 							Type:     schema.TypeSet,
 							Required: true,
 							Elem:     &schema.Schema{Type: schema.TypeString},

internal/service/dax/cluster.go

@@ -127,7 +127,7 @@ func ResourceCluster() *schema.Resource {
 				},
 				ValidateFunc: verify.ValidOnceAWeekWindowFormat,
 			},
-			"security_group_ids": {
+			names.AttrSecurityGroupIDs: {
 				Type:     schema.TypeSet,
 				Optional: true,
 				Computed: true,
@@ -214,7 +214,7 @@ func resourceClusterCreate(ctx context.Context, d *schema.ResourceData, meta int
 	nodeType := d.Get("node_type").(string)
 	numNodes := int32(d.Get("replication_factor").(int))
 	subnetGroupName := d.Get("subnet_group_name").(string)
-	securityIdSet := d.Get("security_group_ids").(*schema.Set)
+	securityIdSet := d.Get(names.AttrSecurityGroupIDs).(*schema.Set)
 	securityIds := flex.ExpandStringSet(securityIdSet)
 	input := &dax.CreateClusterInput{
 		ClusterName:       aws.String(clusterName),
@@ -346,7 +346,7 @@ func resourceClusterRead(ctx context.Context, d *schema.ResourceData, meta inter
 	}
 
 	d.Set("subnet_group_name", c.SubnetGroup)
-	d.Set("security_group_ids", flattenSecurityGroupIDs(c.SecurityGroups))
+	d.Set(names.AttrSecurityGroupIDs, flattenSecurityGroupIDs(c.SecurityGroups))
 
 	if c.ParameterGroup != nil {
 		d.Set("parameter_group_name", c.ParameterGroup.ParameterGroupName)
@@ -386,8 +386,8 @@ func resourceClusterUpdate(ctx context.Context, d *schema.ResourceData, meta int
 		requestUpdate = true
 	}
 
-	if d.HasChange("security_group_ids") {
-		if attr := d.Get("security_group_ids").(*schema.Set); attr.Len() > 0 {
+	if d.HasChange(names.AttrSecurityGroupIDs) {
+		if attr := d.Get(names.AttrSecurityGroupIDs).(*schema.Set); attr.Len() > 0 {
 			req.SecurityGroupIds = flex.ExpandStringValueSet(attr)
 			requestUpdate = true
 		}

internal/service/devicefarm/test_grid_project.go

@@ -57,7 +57,7 @@ func ResourceTestGridProject() *schema.Resource {
 				MaxItems: 1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
-						"security_group_ids": {
+						names.AttrSecurityGroupIDs: {
 							Type:     schema.TypeSet,
 							MinItems: 1,
 							Elem:     &schema.Schema{Type: schema.TypeString},
@@ -197,7 +197,7 @@ func expandTestGridProjectVPCConfig(l []interface{}) *devicefarm.TestGridVpcConf
 	config := &devicefarm.TestGridVpcConfig{
 		VpcId:            aws.String(m[names.AttrVPCID].(string)),
 		SubnetIds:        flex.ExpandStringSet(m[names.AttrSubnetIDs].(*schema.Set)),
-		SecurityGroupIds: flex.ExpandStringSet(m["security_group_ids"].(*schema.Set)),
+		SecurityGroupIds: flex.ExpandStringSet(m[names.AttrSecurityGroupIDs].(*schema.Set)),
 	}
 
 	return config
@@ -209,9 +209,9 @@ func flattenTestGridProjectVPCConfig(conf *devicefarm.TestGridVpcConfig) []inter
 	}
 
 	m := map[string]interface{}{
-		names.AttrVPCID:      aws.StringValue(conf.VpcId),
-		names.AttrSubnetIDs:  flex.FlattenStringSet(conf.SubnetIds),
-		"security_group_ids": flex.FlattenStringSet(conf.SecurityGroupIds),
+		names.AttrVPCID:            aws.StringValue(conf.VpcId),
+		names.AttrSubnetIDs:        flex.FlattenStringSet(conf.SubnetIds),
+		names.AttrSecurityGroupIDs: flex.FlattenStringSet(conf.SecurityGroupIds),
 	}
 
 	return []interface{}{m}

internal/service/ec2/ec2_instance_connect_endpoint.go

@@ -102,7 +102,7 @@ func (r *instanceConnectEndpointResource) Schema(ctx context.Context, req resour
 					boolplanmodifier.RequiresReplace(),
 				},
 			},
-			"security_group_ids": schema.SetAttribute{
+			names.AttrSecurityGroupIDs: schema.SetAttribute{
 				Optional:    true,
 				Computed:    true,
 				ElementType: types.StringType,

internal/service/ec2/verifiedaccess_endpoint.go

@@ -143,7 +143,7 @@ func ResourceVerifiedAccessEndpoint() *schema.Resource {
 				Type:     schema.TypeString,
 				Optional: true,
 			},
-			"security_group_ids": {
+			names.AttrSecurityGroupIDs: {
 				Type:     schema.TypeSet,
 				Optional: true,
 				ForceNew: true,
@@ -216,7 +216,7 @@ func resourceVerifiedAccessEndpointCreate(ctx context.Context, d *schema.Resourc
 		input.PolicyDocument = aws.String(v.(string))
 	}
 
-	if v, ok := d.GetOk("security_group_ids"); ok && v.(*schema.Set).Len() > 0 {
+	if v, ok := d.GetOk(names.AttrSecurityGroupIDs); ok && v.(*schema.Set).Len() > 0 {
 		input.SecurityGroupIds = flex.ExpandStringValueSet(v.(*schema.Set))
 	}
 
@@ -269,7 +269,7 @@ func resourceVerifiedAccessEndpointRead(ctx context.Context, d *schema.ResourceD
 	if err := d.Set("network_interface_options", flattenVerifiedAccessEndpointEniOptions(ep.NetworkInterfaceOptions)); err != nil {
 		return sdkdiag.AppendErrorf(diags, "setting network_interface_options: %s", err)
 	}
-	d.Set("security_group_ids", aws.StringSlice(ep.SecurityGroupIds))
+	d.Set(names.AttrSecurityGroupIDs, aws.StringSlice(ep.SecurityGroupIds))
 	if err := d.Set("sse_specification", flattenVerifiedAccessSseSpecificationRequest(ep.SseSpecification)); err != nil {
 		return sdkdiag.AppendErrorf(diags, "setting sse_specification: %s", err)
 	}