Merge pull request #27102 from tmccombs/networkfirewall-rule-group-list
aws_networkfirewall_rule_group: Use list instead of set
ewbankkit authored Dec 16, 2022
2 parents 0cdefee + 6a2367e commit f7f3bb4
Showing 3 changed files with 64 additions and 79 deletions.
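--- a/.changelog/27102.txt
+++ b/.changelog/27102.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_networkfirewall_rule_group: Change `rule_group.rules_source.stateful_rule` from `TypeSet` to `TypeList` to preserve rule order
+```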
6 changes: 3 additions & 3 deletions internal/service/networkfirewall/rule_group.go
@@ -136,7 +136,7 @@ func ResourceRuleGroup() *schema.Resource {
Optional: true,
},
"stateful_rule": {
Type: schema.TypeSet,
Type: schema.TypeList,
Optional: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
@@ -799,8 +799,8 @@ func expandRuleGroup(l []interface{}) *networkfirewall.RuleGroup {
if v, ok := rsMap["rules_string"].(string); ok && v != "" {
rulesSource.RulesString = aws.String(v)
}
if v, ok := rsMap["stateful_rule"].(*schema.Set); ok && v.Len() > 0 {
rulesSource.StatefulRules = expandStatefulRules(v.List())
if v, ok := rsMap["stateful_rule"].([]interface{}); ok && len(v) > 0 {
rulesSource.StatefulRules = expandStatefulRules(v)
}
if v, ok := rsMap["stateless_rules_and_custom_actions"].([]interface{}); ok && len(v) > 0 && v[0] != nil {
rulesSource.StatelessRulesAndCustomActions = expandStatelessRulesAndCustomActions(v)
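Review bot: Switching `stateful_rule` from `schema.TypeSet` to `schema.TypeList` makes element order part of the resource's state, but nothing in this section tells users what happens to rule groups created with an earlier provider version. Their rules were sent in whatever order the set produced, so the first plan after upgrading may show the rules being reordered, and for a firewall rule group that reordering deserves a review before apply; this is inferred, because the read path is not visible here. The changelog entry could say so, and the schema line could carry a comment such as `// TypeList: stateful rule order is significant and must round-trip unchanged`. Separately, the new `stateful_rule` branch in `expandRuleGroup` checks only `len(v) > 0` while the `stateless_rules_and_custom_actions` branch below it also checks `v[0] != nil`; whether `expandStatefulRules` skips nil elements is outside the hunk.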
134 changes: 58 additions & 76 deletions internal/service/networkfirewall/rule_group_test.go
@@ -167,18 +167,16 @@ func TestAccNetworkFirewallRuleGroup_Basic_statefulRule(t *testing.T) {
resource.TestCheckResourceAttr(resourceName, "rule_group.#", "1"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.#", "1"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.#", "1"),
resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule_group.0.rules_source.0.stateful_rule.*", map[string]string{
"action": networkfirewall.StatefulActionPass,
"header.#": "1",
"header.0.destination": "124.1.1.24/32",
"header.0.destination_port": "53",
"header.0.direction": networkfirewall.StatefulRuleDirectionAny,
"header.0.protocol": networkfirewall.StatefulRuleProtocolTcp,
"header.0.source": "1.2.3.4/32",
"header.0.source_port": "53",
"rule_option.#": "1",
}),
resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule_group.0.rules_source.0.stateful_rule.*.rule_option.*", map[string]string{
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.action", networkfirewall.StatefulActionPass),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.#", "1"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.destination", "124.1.1.24/32"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.destination_port", "53"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.direction", networkfirewall.StatefulRuleDirectionAny),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.protocol", networkfirewall.StatefulRuleProtocolTcp),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.source", "1.2.3.4/32"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.source_port", "53"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.rule_option.#", "1"),
resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.rule_option.*", map[string]string{
"keyword": "sid:1",
}),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.stateful_rule_options.#", "0"),
@@ -590,17 +588,15 @@ func TestAccNetworkFirewallRuleGroup_updateStatefulRule(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
testAccCheckRuleGroupExists(resourceName, &ruleGroup),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.#", "1"),
resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule_group.0.rules_source.0.stateful_rule.*", map[string]string{
"action": networkfirewall.StatefulActionDrop,
"header.#": "1",
"header.0.destination": "1.2.3.4/32",
"header.0.destination_port": "1001",
"header.0.direction": networkfirewall.StatefulRuleDirectionForward,
"header.0.protocol": networkfirewall.StatefulRuleProtocolIp,
"header.0.source": "124.1.1.24/32",
"header.0.source_port": "1001",
"rule_option.#": "1",
}),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.action", networkfirewall.StatefulActionDrop),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.#", "1"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.destination", "1.2.3.4/32"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.destination_port", "1001"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.direction", networkfirewall.StatefulRuleDirectionForward),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.protocol", networkfirewall.StatefulRuleProtocolIp),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.source", "124.1.1.24/32"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.source_port", "1001"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.rule_option.#", "1"),
),
},
{
@@ -638,17 +634,15 @@ func TestAccNetworkFirewallRuleGroup_updateMultipleStatefulRules(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
testAccCheckRuleGroupExists(resourceName, &ruleGroup),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.#", "2"),
resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule_group.0.rules_source.0.stateful_rule.*", map[string]string{
"action": networkfirewall.StatefulActionPass,
"header.#": "1",
"header.0.destination": "124.1.1.24/32",
"header.0.destination_port": "53",
"header.0.direction": networkfirewall.StatefulRuleDirectionAny,
"header.0.protocol": networkfirewall.StatefulRuleProtocolTcp,
"header.0.source": "1.2.3.4/32",
"header.0.source_port": "53",
"rule_option.#": "1",
}),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.action", networkfirewall.StatefulActionPass),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.#", "1"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.destination", "124.1.1.24/32"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.destination_port", "53"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.direction", networkfirewall.StatefulRuleDirectionAny),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.protocol", networkfirewall.StatefulRuleProtocolTcp),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.source", "1.2.3.4/32"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.source_port", "53"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.rule_option.#", "1"),
resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule_group.0.rules_source.0.stateful_rule.*", map[string]string{
"action": networkfirewall.StatefulActionAlert,
"header.#": "1",
@@ -672,17 +666,15 @@ func TestAccNetworkFirewallRuleGroup_updateMultipleStatefulRules(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
testAccCheckRuleGroupExists(resourceName, &ruleGroup),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.#", "1"),
resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule_group.0.rules_source.0.stateful_rule.*", map[string]string{
"action": networkfirewall.StatefulActionDrop,
"header.#": "1",
"header.0.destination": "1.2.3.4/32",
"header.0.destination_port": "1001",
"header.0.direction": networkfirewall.StatefulRuleDirectionForward,
"header.0.protocol": networkfirewall.StatefulRuleProtocolIp,
"header.0.source": "124.1.1.24/32",
"header.0.source_port": "1001",
"rule_option.#": "1",
}),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.action", networkfirewall.StatefulActionDrop),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.#", "1"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.destination", "1.2.3.4/32"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.destination_port", "1001"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.direction", networkfirewall.StatefulRuleDirectionForward),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.protocol", networkfirewall.StatefulRuleProtocolIp),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.source", "124.1.1.24/32"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.source_port", "1001"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.rule_option.#", "1"),
),
},
{
@@ -713,9 +705,7 @@ func TestAccNetworkFirewallRuleGroup_StatefulRule_action(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
testAccCheckRuleGroupExists(resourceName, &ruleGroup),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.#", "1"),
resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule_group.0.rules_source.0.stateful_rule.*", map[string]string{
"action": networkfirewall.StatefulActionAlert,
}),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.action", networkfirewall.StatefulActionAlert),
),
},
{
@@ -728,9 +718,7 @@ func TestAccNetworkFirewallRuleGroup_StatefulRule_action(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
testAccCheckRuleGroupExists(resourceName, &ruleGroup),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.#", "1"),
resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule_group.0.rules_source.0.stateful_rule.*", map[string]string{
"action": networkfirewall.StatefulActionPass,
}),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.action", networkfirewall.StatefulActionPass),
),
},
{
@@ -743,9 +731,7 @@ func TestAccNetworkFirewallRuleGroup_StatefulRule_action(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
testAccCheckRuleGroupExists(resourceName, &ruleGroup),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.#", "1"),
resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule_group.0.rules_source.0.stateful_rule.*", map[string]string{
"action": networkfirewall.StatefulActionDrop,
}),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.action", networkfirewall.StatefulActionDrop),
),
},
{
@@ -774,17 +760,15 @@ func TestAccNetworkFirewallRuleGroup_StatefulRule_header(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
testAccCheckRuleGroupExists(resourceName, &ruleGroup),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.#", "1"),
resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule_group.0.rules_source.0.stateful_rule.*", map[string]string{
"action": networkfirewall.StatefulActionPass,
"header.#": "1",
"header.0.destination": "ANY",
"header.0.destination_port": "1990",
"header.0.direction": networkfirewall.StatefulRuleDirectionAny,
"header.0.protocol": networkfirewall.StatefulRuleProtocolTcp,
"header.0.source": "ANY",
"header.0.source_port": "1994",
"rule_option.#": "1",
}),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.action", networkfirewall.StatefulActionPass),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.#", "1"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.destination", "ANY"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.destination_port", "1990"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.direction", networkfirewall.StatefulRuleDirectionAny),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.protocol", networkfirewall.StatefulRuleProtocolTcp),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.source", "ANY"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.source_port", "1994"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.rule_option.#", "1"),
),
},
{
@@ -797,17 +781,15 @@ func TestAccNetworkFirewallRuleGroup_StatefulRule_header(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
testAccCheckRuleGroupExists(resourceName, &ruleGroup),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.#", "1"),
resource.TestCheckTypeSetElemNestedAttrs(resourceName, "rule_group.0.rules_source.0.stateful_rule.*", map[string]string{
"action": networkfirewall.StatefulActionPass,
"header.#": "1",
"header.0.destination": "ANY",
"header.0.destination_port": "ANY",
"header.0.direction": networkfirewall.StatefulRuleDirectionAny,
"header.0.protocol": networkfirewall.StatefulRuleProtocolTcp,
"header.0.source": "ANY",
"header.0.source_port": "ANY",
"rule_option.#": "1",
}),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.action", networkfirewall.StatefulActionPass),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.#", "1"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.destination", "ANY"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.destination_port", "ANY"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.direction", networkfirewall.StatefulRuleDirectionAny),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.protocol", networkfirewall.StatefulRuleProtocolTcp),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.source", "ANY"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.header.0.source_port", "ANY"),
resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.0.rule_option.#", "1"),
),
},
{
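Review bot: In `TestAccNetworkFirewallRuleGroup_updateMultipleStatefulRules` the second rule (action `StatefulActionAlert`) is still matched through `TestCheckTypeSetElemNestedAttrs` on `stateful_rule.*`, which accepts the element at any index, so the test would still pass if the two rules came back swapped. Since the change exists to preserve rule order, that step should pin the position, for example `resource.TestCheckResourceAttr(resourceName, "rule_group.0.rules_source.0.stateful_rule.1.action", networkfirewall.StatefulActionAlert),` together with the matching `stateful_rule.1.header.0.*` checks. The rest of that map is collapsed out of the visible hunk, so the exact values have to come from the test configuration. As far as the visible steps show, no case asserts the position of more than one rule, so a regression to unordered behaviour could go unnoticed.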
