diff --git a/aws/import_aws_security_group.go b/aws/import_aws_security_group.go deleted file mode 100644 index 7cf813e7e651..000000000000 --- a/aws/import_aws_security_group.go +++ /dev/null @@ -1,175 +0,0 @@ -package aws - -import ( - "fmt" - - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/ec2" - "github.com/hashicorp/terraform-plugin-sdk/helper/schema" - "github.com/terraform-providers/terraform-provider-aws/aws/internal/naming" -) - -// Security group import fans out to multiple resources due to the -// security group rules. Instead of creating one resource with nested -// rules, we use the best practices approach of one resource per rule. -func resourceAwsSecurityGroupImportState( - d *schema.ResourceData, - meta interface{}) ([]*schema.ResourceData, error) { - conn := meta.(*AWSClient).ec2conn - - // First query the security group - sgRaw, _, err := SGStateRefreshFunc(conn, d.Id())() - if err != nil { - return nil, err - } - if sgRaw == nil { - return nil, fmt.Errorf("security group not found") - } - sg := sgRaw.(*ec2.SecurityGroup) - - // Perform nil check to avoid ImportStateVerify difference when unconfigured - if namePrefix := naming.NamePrefixFromName(aws.StringValue(sg.GroupName)); namePrefix != nil { - d.Set("name_prefix", namePrefix) - } - - // Start building our results - results := make([]*schema.ResourceData, 1, - 1+len(sg.IpPermissions)+len(sg.IpPermissionsEgress)) - results[0] = d - - // Construct the rules - permMap := map[string][]*ec2.IpPermission{ - "ingress": sg.IpPermissions, - "egress": sg.IpPermissionsEgress, - } - for ruleType, perms := range permMap { - for _, perm := range perms { - ds := resourceAwsSecurityGroupImportStatePerm(sg, ruleType, perm) - results = append(results, ds...) - } - } - - return results, nil -} - -func resourceAwsSecurityGroupImportStatePerm(sg *ec2.SecurityGroup, ruleType string, perm *ec2.IpPermission) []*schema.ResourceData { - /* - Create a separate Security Group Rule for: - * The collection of IpRanges (cidr_blocks) - * The collection of Ipv6Ranges (ipv6_cidr_blocks) - * Each individual UserIdGroupPair (source_security_group_id) - - If, for example, a security group has rules for: - * 2 IpRanges - * 2 Ipv6Ranges - * 2 UserIdGroupPairs - - This would generate 4 security group rules: - * 1 for the collection of IpRanges - * 1 for the collection of Ipv6Ranges - * 1 for the first UserIdGroupPair - * 1 for the second UserIdGroupPair - */ - var result []*schema.ResourceData - - if perm.IpRanges != nil { - p := &ec2.IpPermission{ - FromPort: perm.FromPort, - IpProtocol: perm.IpProtocol, - PrefixListIds: perm.PrefixListIds, - ToPort: perm.ToPort, - IpRanges: perm.IpRanges, - } - - r := resourceAwsSecurityGroupImportStatePermPair(sg, ruleType, p) - result = append(result, r) - } - - if perm.Ipv6Ranges != nil { - p := &ec2.IpPermission{ - FromPort: perm.FromPort, - IpProtocol: perm.IpProtocol, - PrefixListIds: perm.PrefixListIds, - ToPort: perm.ToPort, - Ipv6Ranges: perm.Ipv6Ranges, - } - - r := resourceAwsSecurityGroupImportStatePermPair(sg, ruleType, p) - result = append(result, r) - } - - if len(perm.UserIdGroupPairs) > 0 { - for _, pair := range perm.UserIdGroupPairs { - p := &ec2.IpPermission{ - FromPort: perm.FromPort, - IpProtocol: perm.IpProtocol, - PrefixListIds: perm.PrefixListIds, - ToPort: perm.ToPort, - UserIdGroupPairs: []*ec2.UserIdGroupPair{pair}, - } - - r := resourceAwsSecurityGroupImportStatePermPair(sg, ruleType, p) - result = append(result, r) - } - } - - if len(result) == 0 && len(perm.PrefixListIds) > 0 { - p := &ec2.IpPermission{ - FromPort: perm.FromPort, - IpProtocol: perm.IpProtocol, - PrefixListIds: perm.PrefixListIds, - ToPort: perm.ToPort, - } - - r := resourceAwsSecurityGroupImportStatePermPair(sg, ruleType, p) - result = append(result, r) - } - - return result -} - -func resourceAwsSecurityGroupImportStatePermPair(sg *ec2.SecurityGroup, ruleType string, perm *ec2.IpPermission) *schema.ResourceData { - // Construct the rule. We do this by populating the absolute - // minimum necessary for Refresh on the rule to work. This - // happens to be a lot of fields since they're almost all needed - // for de-dupping. - sgId := sg.GroupId - id := ipPermissionIDHash(*sgId, ruleType, perm) - ruleResource := resourceAwsSecurityGroupRule() - d := ruleResource.Data(nil) - d.SetId(id) - d.SetType("aws_security_group_rule") - d.Set("security_group_id", sgId) - d.Set("type", ruleType) - - // 'self' is false by default. Below, we range over the group ids and set true - // if the parent sg id is found - d.Set("self", false) - - if len(perm.UserIdGroupPairs) > 0 { - s := perm.UserIdGroupPairs[0] - - // Check for Pair that is the same as the Security Group, to denote self. - // Otherwise, mark the group id in source_security_group_id - isVPC := sg.VpcId != nil && *sg.VpcId != "" - if isVPC { - if *s.GroupId == *sg.GroupId { - d.Set("self", true) - // prune the self reference from the UserIdGroupPairs, so we don't - // have duplicate sg ids (both self and in source_security_group_id) - perm.UserIdGroupPairs = append(perm.UserIdGroupPairs[:0], perm.UserIdGroupPairs[0+1:]...) - } - } else { - if *s.GroupName == *sg.GroupName { - d.Set("self", true) - // prune the self reference from the UserIdGroupPairs, so we don't - // have duplicate sg ids (both self and in source_security_group_id) - perm.UserIdGroupPairs = append(perm.UserIdGroupPairs[:0], perm.UserIdGroupPairs[0+1:]...) - } - } - } - - setFromIPPerm(d, sg, perm) - - return d -} diff --git a/aws/resource_aws_security_group.go b/aws/resource_aws_security_group.go index b35e4bcc6b3c..ca74d528d779 100644 --- a/aws/resource_aws_security_group.go +++ b/aws/resource_aws_security_group.go @@ -29,7 +29,7 @@ func resourceAwsSecurityGroup() *schema.Resource { Update: resourceAwsSecurityGroupUpdate, Delete: resourceAwsSecurityGroupDelete, Importer: &schema.ResourceImporter{ - State: resourceAwsSecurityGroupImportState, + State: schema.ImportStatePassthrough, }, Timeouts: &schema.ResourceTimeout{ @@ -383,8 +383,9 @@ func resourceAwsSecurityGroupRead(d *schema.ResourceData, meta interface{}) erro d.Set("arn", sgArn.String()) d.Set("description", sg.Description) d.Set("name", sg.GroupName) - d.Set("vpc_id", sg.VpcId) + d.Set("name_prefix", aws.StringValue(naming.NamePrefixFromName(aws.StringValue(sg.GroupName)))) d.Set("owner_id", sg.OwnerId) + d.Set("vpc_id", sg.VpcId) if err := d.Set("ingress", ingressRules); err != nil { log.Printf("[WARN] Error setting Ingress rule set for (%s): %s", d.Id(), err) diff --git a/aws/resource_aws_security_group_test.go b/aws/resource_aws_security_group_test.go index c3ff8af58325..5bf81a2a4a51 100644 --- a/aws/resource_aws_security_group_test.go +++ b/aws/resource_aws_security_group_test.go @@ -643,7 +643,6 @@ func TestAccAWSSecurityGroup_IPRangeAndSecurityGroupWithSameRules(t *testing.T) { ResourceName: resourceName, ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(4), ImportStateVerify: true, ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, @@ -669,7 +668,6 @@ func TestAccAWSSecurityGroup_IPRangesWithSameRules(t *testing.T) { { ResourceName: resourceName, ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(3), ImportStateVerify: true, ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, @@ -710,13 +708,10 @@ func TestAccAWSSecurityGroup_basic(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(2), - // NOTE: These ImportStateVerify functions are currently broken because of known issues with multi-import. - // Once those are fixed we can uncomment all these. - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, }, }) @@ -739,11 +734,10 @@ func TestAccAWSSecurityGroup_egressConfigMode(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(3), - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, { Config: testAccAWSSecurityGroupConfigEgressConfigModeNoBlocks(), @@ -780,11 +774,10 @@ func TestAccAWSSecurityGroup_ingressConfigMode(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(3), - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, { Config: testAccAWSSecurityGroupConfigIngressConfigModeNoBlocks(), @@ -894,11 +887,10 @@ func TestAccAWSSecurityGroup_ruleGathering(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(8), - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, }, }) @@ -937,11 +929,10 @@ func TestAccAWSSecurityGroup_forceRevokeRulesTrue(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(2), - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, // Verify the DependencyViolation error by using a configuration with the // groups removed. Terraform tries to destroy them but cannot. Expect a @@ -1019,11 +1010,10 @@ func TestAccAWSSecurityGroup_forceRevokeRulesFalse(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(2), - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, // Verify the DependencyViolation error by using a configuration with the // groups removed, and the Groups not configured to revoke their ruls. @@ -1094,11 +1084,10 @@ func TestAccAWSSecurityGroup_ipv6(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(3), - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, }, }) @@ -1170,11 +1159,10 @@ func TestAccAWSSecurityGroup_self(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(3), - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, }, }) @@ -1217,11 +1205,10 @@ func TestAccAWSSecurityGroup_vpc(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(3), - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, }, }) @@ -1257,11 +1244,10 @@ func TestAccAWSSecurityGroup_vpcNegOneIngress(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(2), - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, }, }) @@ -1295,11 +1281,10 @@ func TestAccAWSSecurityGroup_vpcProtoNumIngress(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(2), - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, }, }) @@ -1321,11 +1306,10 @@ func TestAccAWSSecurityGroup_multiIngress(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(3), - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, }, }) @@ -1348,11 +1332,10 @@ func TestAccAWSSecurityGroup_change(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(2), - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, { Config: testAccAWSSecurityGroupConfigChange, @@ -1407,11 +1390,10 @@ func TestAccAWSSecurityGroup_ruleDescription(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(3), - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, // Change just the rule descriptions. { @@ -1521,11 +1503,10 @@ func TestAccAWSSecurityGroup_defaultEgressVPC(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(2), - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, }, }) @@ -1554,7 +1535,6 @@ func TestAccAWSSecurityGroup_defaultEgressClassic(t *testing.T) { { ResourceName: resourceName, ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(1), ImportStateVerify: true, ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, @@ -1604,11 +1584,13 @@ func TestAccAWSSecurityGroup_drift(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(2), - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ResourceName: resourceName, + ImportState: true, + // In rules with cidr_block drift, import only creates a single ingress + // rule with the cidr_blocks de-normalized. During subsequent apply, its + // normalized to create the 2 ingress rules seen in checks above. + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete", "ingress", "egress"}, }, }, }) @@ -1679,11 +1661,13 @@ func TestAccAWSSecurityGroup_driftComplex(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(5), - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ResourceName: resourceName, + ImportState: true, + // In rules with cidr_block drift, import only creates a single ingress + // rule with the cidr_blocks de-normalized. During subsequent apply, its + // normalized to create the 2 ingress rules seen in checks above. + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete", "ingress", "egress"}, }, }, }) @@ -1735,7 +1719,6 @@ func TestAccAWSSecurityGroup_tags(t *testing.T) { { ResourceName: resourceName, ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(1), ImportStateVerify: true, ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, @@ -1769,11 +1752,10 @@ func TestAccAWSSecurityGroup_CIDRandGroups(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(5), - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, }, }) @@ -1821,11 +1803,10 @@ func TestAccAWSSecurityGroup_ingressWithCidrAndSGsVPC(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(5), - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, }, }) @@ -1865,11 +1846,10 @@ func TestAccAWSSecurityGroup_ingressWithCidrAndSGsClassic(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(4), - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, }, }) @@ -1894,11 +1874,10 @@ func TestAccAWSSecurityGroup_egressWithPrefixList(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(2), - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, }, }) @@ -1923,11 +1902,10 @@ func TestAccAWSSecurityGroup_ingressWithPrefixList(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(2), - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete"}, }, }, }) @@ -1975,25 +1953,15 @@ func TestAccAWSSecurityGroup_ipv4andipv6Egress(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccAWSSecurityGroupImportStateCheckFunc(3), - //ImportStateVerify: true, - //ImportStateVerifyIgnore: []string{"revoke_rules_on_delete", "egress"}, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"revoke_rules_on_delete", "egress"}, }, }, }) } -func testAccAWSSecurityGroupImportStateCheckFunc(expectedStates int) resource.ImportStateCheckFunc { - return func(s []*terraform.InstanceState) error { - if len(s) != expectedStates { - return fmt.Errorf("expected %d states, got %d: %#v", expectedStates, len(s), s) - } - return nil - } -} - func testAccAWSSecurityGroupCheckVPCIDExists(group *ec2.SecurityGroup) resource.TestCheckFunc { return func(*terraform.State) error { if *group.VpcId == "" { diff --git a/website/docs/guides/version-3-upgrade.html.md b/website/docs/guides/version-3-upgrade.html.md index fb3fd979f1a0..01b50072de63 100644 --- a/website/docs/guides/version-3-upgrade.html.md +++ b/website/docs/guides/version-3-upgrade.html.md @@ -30,6 +30,7 @@ Upgrade topics: - [Resource: aws_lb_listener_rule](#resource-aws_lb_listener_rule) - [Resource: aws_msk_cluster](#resource-aws_msk_cluster) - [Resource: aws_s3_bucket](#resource-aws_s3_bucket) +- [Resource: aws_security_group](#resource-aws_security_group) - [Resource: aws_sns_platform_application](#resource-aws_sns_platform_application) - [Resource: aws_spot_fleet_request](#resource-aws_spot_fleet_request) @@ -460,6 +461,12 @@ resource "aws_s3_bucket" "example" { } ``` +## Resource: aws_security_group + +### Removal of Automatic aws_security_group_rule Import + +Previously when importing the `aws_security_group` resource with the [`terraform import` command](/docs/commands/import.html), the Terraform AWS Provider would automatically attempt to import an associated `aws_security_group_rule` resource(s) as well. This automatic resource import has been removed. Use the [`aws_security_group_rule` resource import](/docs/providers/aws/r/security_group_rule.html#import) to import those resources separately. + ## Resource: aws_sns_platform_application ### platform_credential and platform_principal Arguments No Longer Stored as SHA256 Hash