Creating aws_security_group_rule with no cidr or source_security_group doesn't throw a syntax error. break the tfstate file

[packplusplus]

TF: 0.6.4 and TF: 0.6.5

I accidently applied an aws_security_group_rule with no cidr or source_security_group and it broke my tfstate. This example shows the bug. It should throw a syntax error on plan. If you do this, you have to manually remove sg_test_egress_all from the tfstate file, fix your tf config and re-apply.

provider "aws" {
}

resource "aws_security_group" "sg_test" {
  name = "sg_test"
  description = "sg_test"
}

resource "aws_security_group_rule" "sg_test_egress_all" {
  type = "egress"
  from_port = 0
  to_port = 0
  protocol = "-1"
  security_group_id = "${aws_security_group.sg_test.id}"
}

Outputs:

aws_security_group.sg_test: Creating...
  description: "" => "sg_test"
  egress.#:    "" => "<computed>"
  ingress.#:   "" => "<computed>"
  name:        "" => "sg_test"
  owner_id:    "" => "<computed>"
  vpc_id:      "" => "<computed>"
aws_security_group.sg_test: Creation complete
aws_security_group_rule.sg_test_egress_all: Creating...
  from_port:                "" => "0"
  protocol:                 "" => "-1"
  security_group_id:        "" => "sg-58459e3e"
  self:                     "" => "0"
  source_security_group_id: "" => "<computed>"
  to_port:                  "" => "0"
  type:                     "" => "egress"
Error applying plan:

1 error(s) occurred:

* aws_security_group_rule.sg_test_egress_all: [WARN] No egress rules were found for Security Group (sg_test) looking for Security Group Rule (sgrule-851684829)

Supplying a cidr and a source_security_group is caught and throws a syntax error.

[grubernaut]

Fixed in #11809

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.