Fix shared expand function and use WAFv2 policy

hashicorp · Feb 11, 2021 · 6e9f21c · 6e9f21c
1 parent 7864e61
commit 6e9f21c
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 8 deletions.
diff --git a/aws/resource_aws_fms_policy.go b/aws/resource_aws_fms_policy.go
@@ -95,6 +95,7 @@ func resourceAwsFmsPolicy() *schema.Resource {
 			"resource_type_list": {
 				Type:          schema.TypeSet,
 				Optional:      true,
+				Computed:      true,
 				Set:           schema.HashString,
 				ConflictsWith: []string{"resource_type"},
 				Elem: &schema.Schema{
@@ -106,6 +107,7 @@ func resourceAwsFmsPolicy() *schema.Resource {
 			"resource_type": {
 				Type:          schema.TypeString,
 				Optional:      true,
+				Computed:      true,
 				ConflictsWith: []string{"resource_type_list"},
 			},
 
@@ -202,9 +204,7 @@ func resourceAwsFmsPolicyFlattenPolicy(d *schema.ResourceData, resp *fms.GetPoli
 	if err := d.Set("resource_type_list", resp.Policy.ResourceTypeList); err != nil {
 		return err
 	}
-	if aws.StringValue(resp.Policy.ResourceType) != "ResourceTypeList" {
-		d.Set("resource_type", aws.StringValue(resp.Policy.ResourceType))
-	}
+	d.Set("resource_type", aws.StringValue(resp.Policy.ResourceType))
 	d.Set("policy_update_token", aws.StringValue(resp.Policy.PolicyUpdateToken))
 	if err := d.Set("resource_tags", flattenFMSResourceTags(resp.Policy.ResourceTags)); err != nil {
 		return err
@@ -230,14 +230,17 @@ func resourceAwsFmsPolicyExpandPolicy(d *schema.ResourceData) *fms.Policy {
 
 	fmsPolicy := &fms.Policy{
 		PolicyName:          aws.String(d.Get("name").(string)),
-		PolicyId:            aws.String(d.Id()),
-		PolicyUpdateToken:   aws.String(d.Get("policy_update_token").(string)),
 		RemediationEnabled:  aws.Bool(d.Get("remediation_enabled").(bool)),
 		ResourceType:        resourceType,
 		ResourceTypeList:    resourceTypeList,
 		ExcludeResourceTags: aws.Bool(d.Get("exclude_resource_tags").(bool)),
 	}
 
+	if d.Id() != "" {
+		fmsPolicy.PolicyId = aws.String(d.Id())
+		fmsPolicy.PolicyUpdateToken = aws.String(d.Get("policy_update_token").(string))
+	}
+
 	fmsPolicy.ExcludeMap = expandFMSPolicyMap(d.Get("exclude_map").([]interface{}))
 
 	fmsPolicy.IncludeMap = expandFMSPolicyMap(d.Get("include_map").([]interface{}))

diff --git a/aws/resource_aws_fms_policy_test.go b/aws/resource_aws_fms_policy_test.go
@@ -223,7 +223,10 @@ resource "aws_wafregional_rule_group" "test" {
 }
 
 func testAccFmsPolicyConfig_cloudfrontDistribution(name string, group string) string {
-	return fmt.Sprintf(`
+	return composeConfig(
+		testAccWebACLLoggingConfigurationDependenciesConfig(name),
+		testAccWebACLLoggingConfigurationKinesisDependencyConfig(name),
+		fmt.Sprintf(`
 resource "aws_fms_policy" "test" {
   exclude_resource_tags = false
   name                  = "%[1]s"
@@ -232,7 +235,7 @@ resource "aws_fms_policy" "test" {
 
   security_service_policy_data {
     type                 = "WAFV2"
-    managed_service_data = "{\"type\": \"WAF\", \"ruleGroups\": [{\"id\":\"${aws_wafregional_rule_group.test.id}\", \"overrideAction\" : {\"type\": \"COUNT\"}}],\"defaultAction\": {\"type\": \"BLOCK\"}, \"overrideCustomerWebACLAssociation\": false}"
+    managed_service_data = "{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\":{\"type\":\"NONE\"},\"managedRuleGroupIdentifier\":{\"version\":null,\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesAmazonIpReputationList\"},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[]}],\"postProcessRuleGroups\":[],\"defaultAction\":{\"type\":\"ALLOW\"},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":{\"logDestinationConfigs\":[\"${aws_kinesis_firehose_delivery_stream.test.arn}\"],\"redactedFields\":[{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"}]}}"
   }
 }
 
@@ -241,7 +244,8 @@ resource "aws_wafregional_rule_group" "test" {
   metric_name = "MyTest"
   name        = "%[2]s"
 }
-`, name, group)
+`, name, group),
+	)
 }
 
 func testAccFmsPolicyConfig_updated(name string, group string) string {