TestAccNetworkFirewallFirewallPolicy_tlsInspectionConfigurationARN: U…

…se environment variables.
hashicorp · Jan 2, 2024 · e9709ab · e9709ab
1 parent a2d451c
commit e9709ab
Showing 1 changed file with 9 additions and 35 deletions.
diff --git a/internal/service/networkfirewall/firewall_policy_test.go b/internal/service/networkfirewall/firewall_policy_test.go
@@ -927,8 +927,8 @@ func TestAccNetworkFirewallFirewallPolicy_tlsInspectionConfigurationARN(t *testi
 	var firewallPolicy networkfirewall.DescribeFirewallPolicyOutput
 	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
 	resourceName := "aws_networkfirewall_firewall_policy.test"
-	rTlsArn1 := "terraformtests"
-	rTlsArn2 := "terraformtests2"
+	arn1 := acctest.SkipIfEnvVarNotSet(t, "AWS_NETWORKFIREWALL_TLS_INSPECTION_CONFIGURATION_ARN_1")
+	arn2 := acctest.SkipIfEnvVarNotSet(t, "AWS_NETWORKFIREWALL_TLS_INSPECTION_CONFIGURATION_ARN_2")
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:                 func() { acctest.PreCheck(ctx, t); testAccPreCheck(ctx, t) },
@@ -937,21 +937,19 @@ func TestAccNetworkFirewallFirewallPolicy_tlsInspectionConfigurationARN(t *testi
 		CheckDestroy:             testAccCheckFirewallPolicyDestroy(ctx),
 		Steps: []resource.TestStep{
 			{
-				Config: testAccFirewallPolicyConfig_tlsInspectionConfigurationARN(rName, rTlsArn1),
+				Config: testAccFirewallPolicyConfig_tlsInspectionConfigurationARN(rName, arn1),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckFirewallPolicyExists(ctx, resourceName, &firewallPolicy),
 					resource.TestCheckResourceAttr(resourceName, "firewall_policy.#", "1"),
-					//resource.TestMatchResourceAttr(resourceName, "firewall_policy.0.tls_inspection_configuration_arn", regexp.MustCompile(`^arn:aws:network-firewall:.+terraformtests$`)),
-					acctest.CheckResourceAttrRegionalARN(resourceName, "firewall_policy.0.tls_inspection_configuration_arn", "network-firewall", fmt.Sprintf("tls-configuration/%s", rTlsArn1)),
+					resource.TestCheckResourceAttr(resourceName, "firewall_policy.0.tls_inspection_configuration_arn", arn1),
 				),
 			},
 			{
-				Config: testAccFirewallPolicyConfig_updateTLSInspectionConfigurationARN(rName, rTlsArn2),
+				Config: testAccFirewallPolicyConfig_tlsInspectionConfigurationARN(rName, arn2),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckFirewallPolicyExists(ctx, resourceName, &firewallPolicy),
 					resource.TestCheckResourceAttr(resourceName, "firewall_policy.#", "1"),
-					//resource.TestMatchResourceAttr(resourceName, "firewall_policy.0.tls_inspection_configuration_arn", regexp.MustCompile(`^arn:aws:network-firewall:.+terraformtests2$`)),
-					acctest.CheckResourceAttrRegionalARN(resourceName, "firewall_policy.0.tls_inspection_configuration_arn", "network-firewall", fmt.Sprintf("tls-configuration/%s", rTlsArn2)),
+					resource.TestCheckResourceAttr(resourceName, "firewall_policy.0.tls_inspection_configuration_arn", arn2),
 				),
 			},
 			{
@@ -1644,42 +1642,18 @@ resource "aws_networkfirewall_firewall_policy" "test" {
 `, rName))
 }
 
-// The tls_inspection_configuration_arn cannot be updated after policy creation unless there way already an inspection policy attached on fw policy creation.
-
-func testAccFirewallPolicyConfig_tlsInspectionConfigurationARN(rName, rTlsArn1 string) string {
-	return fmt.Sprintf(`
-data "aws_region" "current" {}
-data "aws_caller_identity" "current" {}
-data "aws_partition" "current" {}
-
-resource "aws_networkfirewall_firewall_policy" "test" {
-  name = %[1]q
-
-  firewall_policy {
-    stateless_fragment_default_actions = ["aws:drop"]
-    stateless_default_actions          = ["aws:pass"]
-    tls_inspection_configuration_arn   = "arn:${data.aws_partition.current.partition}:network-firewall:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:tls-configuration/%[2]s"
-  }
-}
-`, rName, rTlsArn1)
-}
-
-func testAccFirewallPolicyConfig_updateTLSInspectionConfigurationARN(rName, rTlsArn2 string) string {
+func testAccFirewallPolicyConfig_tlsInspectionConfigurationARN(rName, arn string) string {
 	return fmt.Sprintf(`
-data "aws_region" "current" {}
-data "aws_caller_identity" "current" {}
-data "aws_partition" "current" {}
-
 resource "aws_networkfirewall_firewall_policy" "test" {
   name = %[1]q
 
   firewall_policy {
     stateless_fragment_default_actions = ["aws:drop"]
     stateless_default_actions          = ["aws:pass"]
-    tls_inspection_configuration_arn   = "arn:${data.aws_partition.current.partition}:network-firewall:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:tls-configuration/%[2]s"
+    tls_inspection_configuration_arn   = %[2]q
   }
 }
-`, rName, rTlsArn2)
+`, rName, arn)
 }
 
 func testAccFirewallPolicyConfig_encryptionConfiguration(rName, statelessDefaultActions string) string {