Allow use of resource_type and resource_type_list #17418
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghost
added
size/M
github-actions
bot
added
the
needs-triage
bill-rich
removed
the
needs-triage
bflad
suggested changes
Feb 4, 2021
aws/resource_aws_fms_policy.go
Outdated
| return err | ||
| } | ||
| if aws.StringValue(resp.Policy.ResourceType) != "ResourceTypeList" { |
There was a problem hiding this comment.
To avoid logic like this, we can mark the resource_type attribute as Computed as it is generally preferable to always set the value to simplify resource logic. 👍
| if v, ok := d.GetOk("exclude_map"); ok { | ||
| fmsPolicy.ExcludeMap = expandFMSPolicyMap(v.([]interface{})) | ||
| } | ||
| fmsPolicy := resourceAwsFmsPolicyExpandPolicy(d) |
There was a problem hiding this comment.
I think this change is breaking creation because the resource ID and PolicyUpdateToken are not yet available:
=== CONT TestAccAWSFmsPolicy_tags
resource_aws_fms_policy_test.go:129: Step 1/2 error: Error running apply:
Error: Creating Policy Failed: InvalidParameter: 2 validation error(s) found.
- minimum field size of 36, PutPolicyInput.Policy.PolicyId.
- minimum field size of 1, PutPolicyInput.Policy.PolicyUpdateToken.
=== CONT TestAccAWSFmsPolicy_cloudfrontDistribution
resource_aws_fms_policy_test.go:47: Step 1/2 error: Error running apply:
Error: Creating Policy Failed: InvalidParameter: 2 validation error(s) found.
- minimum field size of 36, PutPolicyInput.Policy.PolicyId.
- minimum field size of 1, PutPolicyInput.Policy.PolicyUpdateToken.
=== CONT TestAccAWSFmsPolicy_basic
resource_aws_fms_policy_test.go:19: Step 1/2 error: Error running apply:
Error: Creating Policy Failed: InvalidParameter: 2 validation error(s) found.
- minimum field size of 36, PutPolicyInput.Policy.PolicyId.
- minimum field size of 1, PutPolicyInput.Policy.PolicyUpdateToken.
=== CONT TestAccAWSFmsPolicy_includeMap
resource_aws_fms_policy_test.go:75: Step 1/2 error: Error running apply:
Error: Creating Policy Failed: InvalidParameter: 2 validation error(s) found.
- minimum field size of 36, PutPolicyInput.Policy.PolicyId.
- minimum field size of 1, PutPolicyInput.Policy.PolicyUpdateToken.
--- FAIL: TestAccAWSFmsPolicy_tags (11.14s)
--- FAIL: TestAccAWSFmsPolicy_cloudfrontDistribution (13.52s)
=== CONT TestAccAWSFmsPolicy_update
resource_aws_fms_policy_test.go:104: Step 1/2 error: Error running apply:
Error: Creating Policy Failed: InvalidParameter: 2 validation error(s) found.
- minimum field size of 36, PutPolicyInput.Policy.PolicyId.
- minimum field size of 1, PutPolicyInput.Policy.PolicyUpdateToken.
--- FAIL: TestAccAWSFmsPolicy_basic (14.61s)
--- FAIL: TestAccAWSFmsPolicy_includeMap (15.72s)
--- FAIL: TestAccAWSFmsPolicy_update (16.84s)
bill-rich
force-pushed
the
b_fms_distribution
branch
from
50cb80a
to
6e9f21c
Compare
bflad
added
the
enhancement
|
I got this fixed up, so it should be ready for another look. |
bflad
approved these changes
Feb 11, 2021
There was a problem hiding this comment.
Looking better now. 👍 Just one documentation thing and missing changelog entry
Output from acceptance testing in AWS Commercial (us-east-1):
--- PASS: TestAccAWSFmsPolicy_tags (16.55s)
--- PASS: TestAccAWSFmsPolicy_includeMap (17.11s)
--- PASS: TestAccAWSFmsPolicy_basic (20.22s)
--- PASS: TestAccAWSFmsPolicy_update (28.45s)
--- PASS: TestAccAWSFmsPolicy_cloudfrontDistribution (79.45s)
We will need to setup special handling for the new CloudFormation test as it currently fails in the default us-west-2 region:
=== CONT TestAccAWSFmsPolicy_cloudfrontDistribution
resource_aws_fms_policy_test.go:47: Step 1/2 error: Error running apply:
Error: Creating Policy Failed: InvalidInputException: Resource ["AWS::CloudFront::Distribution"] can not be used in region: us-west-2.
| @@ -59,7 +59,8 @@ The following arguments are supported: | |||
| * `include_map` - (Optional) A map of lists, with a single key named 'account' with a list of AWS Account IDs to include for this policy. | |||
| * `remediation_enabled` - (Required) A boolean value, indicates if the policy should automatically applied to resources that already exist in the account. | |||
| * `resource_tags` - (Optional) A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags. | |||
| * `resource_type_list` - (Required, Forces new resource) A list of resource types to protect, valid values are: `AWS::ElasticLoadBalancingV2::LoadBalancer`, `AWS::ApiGateway::Stage`, `AWS::CloudFront::Distribution`. | |||
| * `resource_type` - (Optional) A resource type to protect, valid values are: `AWS::ElasticLoadBalancingV2::LoadBalancer`, `AWS::ApiGateway::Stage`, `AWS::CloudFront::Distribution`. Conflicts with `resource_type_list`. | |||
| * `resource_type_list` - (Optional) A list of resource types to protect, valid values are: `AWS::ElasticLoadBalancingV2::LoadBalancer`, `AWS::ApiGateway::Stage`, `AWS::CloudFront::Distribution`. Conflicts with `resource_type`. | |||
There was a problem hiding this comment.
The schema validation also includes: "AWS::EC2::NetworkInterface", "AWS::EC2::Instance", "AWS::EC2::SecurityGroup"
Suggested change
| * `resource_type_list` - (Optional) A list of resource types to protect, valid values are: `AWS::ElasticLoadBalancingV2::LoadBalancer`, `AWS::ApiGateway::Stage`, `AWS::CloudFront::Distribution`. Conflicts with `resource_type`. | |
| * `resource_type_list` - (Optional) A list of resource types to protect, valid values are: `AWS::ElasticLoadBalancingV2::LoadBalancer`, `AWS::ApiGateway::Stage`, `AWS::CloudFront::Distribution`, `AWS::EC2::Instance`, `AWS::EC2::NetworkInterface`, `AWS::EC2::SecurityGroup`. Conflicts with `resource_type`. |
|
This has been released in version 3.28.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
ghost
locked as resolved and limited conversation to collaborators
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
AWS::CloudFront::Distributionis only allowed inresource_type. Originallyfms_policyput all resource types intoresource_type_list. This PR allows the use of both.Community Note
Output from acceptance testing: