Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws_networkfirewall_rule_group: Use list instead of set #27102

Merged
merged 6 commits into from
Dec 16, 2022
Merged

aws_networkfirewall_rule_group: Use list instead of set #27102

merged 6 commits into from
Dec 16, 2022

Conversation

tmccombs
Copy link
Contributor

@tmccombs tmccombs commented Oct 5, 2022
edited
Loading

Description

Order matters for the StatefulRules in a network firewall rules group, at least when rule_order is set to STRICT_ORDER,
so change the types from TypeSet to TypeList, so AWS doesn't change the order when it writes it up.

Currently, if you have STRICT_ORDER specified, then terraform writes the rules in an effectively random order, which can result in broken behavior, and makes it basically impossible to use terraform to manage this resource.

Relations

Closes #24977

References

Open Questions

  • What if anything needs to be done for migrating state from a set to a list?
  • Should anything be done to make diffs more intelligent? Specifically, so that if a rule is added or deleted, it doesn't show a diff for all remaining rules.

I haven't tested this at all.

@github-actions
Copy link

github-actions bot commented Oct 5, 2022

Community Note

Voting for Prioritization

  • Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added service/networkfirewall Issues and PRs that pertain to the networkfirewall service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. needs-triage Waiting for first response or review from a maintainer. size/M Managed by automation to categorize the size of a PR. and removed needs-triage Waiting for first response or review from a maintainer. labels Oct 5, 2022
@tmccombs
aws_networkfirewall_rule_group: Use list instead of set for stateful_…
bab1545 
…rule

Order matters for the StatefulRules, at least when rule_order is set to STRICT_ORDER,
so change the types from TypeSet to TypeList, so AWS doesn't change the order when it writes it up.

Fixes: hashicorp#24977
@tmccombs tmccombs force-pushed the networkfirewall-rule-group-list branch from 30e8ac8 to bab1545 Compare December 15, 2022 06:43
@tmccombs tmccombs marked this pull request as ready for review December 15, 2022 06:43
@tmccombs tmccombs force-pushed the networkfirewall-rule-group-list branch from bab1545 to 634c585 Compare December 15, 2022 06:47
@github-actions github-actions bot added documentation Introduces or discusses updates to documentation. provider Pertains to the provider itself, rather than any interaction with AWS. labels Dec 15, 2022
@github-actions
Copy link

Thank you for your contribution! 🚀

Please note that the CHANGELOG.md file contents are handled by the maintainers during merge. This is to prevent pull request merge conflicts, especially for contributions which may not be merged immediately. Please see the Contributing Guide for additional pull request review items.

Remove any changes to the CHANGELOG.md file and commit them in this pull request to prevent delays with reviewing and potentially merging this pull request.

@tmccombs tmccombs force-pushed the networkfirewall-rule-group-list branch from 634c585 to bab1545 Compare December 15, 2022 07:25
@github-actions github-actions bot removed documentation Introduces or discusses updates to documentation. provider Pertains to the provider itself, rather than any interaction with AWS. labels Dec 15, 2022
@floryut
Copy link

floryut commented Dec 15, 2022

@ewbankkit any chance you could review this one ? the issue is really a problem for enterprise user using strict policy on firewall 👍

ewbankkit
ewbankkit approved these changes Dec 16, 2022
View reviewed changes
Copy link
Contributor

@ewbankkit ewbankkit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccNetworkFirewallRuleGroup_' PKG=networkfirewall ACCTEST_PARALLELISM=3
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/networkfirewall/... -v -count 1 -parallel 3  -run=TestAccNetworkFirewallRuleGroup_ -timeout 180m
=== RUN   TestAccNetworkFirewallRuleGroup_Basic_rulesSourceList
=== PAUSE TestAccNetworkFirewallRuleGroup_Basic_rulesSourceList
=== RUN   TestAccNetworkFirewallRuleGroup_Basic_referenceSets
=== PAUSE TestAccNetworkFirewallRuleGroup_Basic_referenceSets
=== RUN   TestAccNetworkFirewallRuleGroup_Basic_updateReferenceSets
=== PAUSE TestAccNetworkFirewallRuleGroup_Basic_updateReferenceSets
=== RUN   TestAccNetworkFirewallRuleGroup_Basic_statefulRule
=== PAUSE TestAccNetworkFirewallRuleGroup_Basic_statefulRule
=== RUN   TestAccNetworkFirewallRuleGroup_Basic_statelessRule
=== PAUSE TestAccNetworkFirewallRuleGroup_Basic_statelessRule
=== RUN   TestAccNetworkFirewallRuleGroup_Basic_rules
=== PAUSE TestAccNetworkFirewallRuleGroup_Basic_rules
=== RUN   TestAccNetworkFirewallRuleGroup_statefulRuleOptions
=== PAUSE TestAccNetworkFirewallRuleGroup_statefulRuleOptions
=== RUN   TestAccNetworkFirewallRuleGroup_updateStatefulRuleOptions
=== PAUSE TestAccNetworkFirewallRuleGroup_updateStatefulRuleOptions
=== RUN   TestAccNetworkFirewallRuleGroup_statelessRuleWithCustomAction
=== PAUSE TestAccNetworkFirewallRuleGroup_statelessRuleWithCustomAction
=== RUN   TestAccNetworkFirewallRuleGroup_updateRules
=== PAUSE TestAccNetworkFirewallRuleGroup_updateRules
=== RUN   TestAccNetworkFirewallRuleGroup_updateRulesSourceList
=== PAUSE TestAccNetworkFirewallRuleGroup_updateRulesSourceList
=== RUN   TestAccNetworkFirewallRuleGroup_rulesSourceAndRuleVariables
=== PAUSE TestAccNetworkFirewallRuleGroup_rulesSourceAndRuleVariables
=== RUN   TestAccNetworkFirewallRuleGroup_updateStatefulRule
=== PAUSE TestAccNetworkFirewallRuleGroup_updateStatefulRule
=== RUN   TestAccNetworkFirewallRuleGroup_updateMultipleStatefulRules
=== PAUSE TestAccNetworkFirewallRuleGroup_updateMultipleStatefulRules
=== RUN   TestAccNetworkFirewallRuleGroup_StatefulRule_action
=== PAUSE TestAccNetworkFirewallRuleGroup_StatefulRule_action
=== RUN   TestAccNetworkFirewallRuleGroup_StatefulRule_header
=== PAUSE TestAccNetworkFirewallRuleGroup_StatefulRule_header
=== RUN   TestAccNetworkFirewallRuleGroup_updateStatelessRule
=== PAUSE TestAccNetworkFirewallRuleGroup_updateStatelessRule
=== RUN   TestAccNetworkFirewallRuleGroup_tags
=== PAUSE TestAccNetworkFirewallRuleGroup_tags
=== RUN   TestAccNetworkFirewallRuleGroup_encryptionConfiguration
=== PAUSE TestAccNetworkFirewallRuleGroup_encryptionConfiguration
=== RUN   TestAccNetworkFirewallRuleGroup_disappears
=== PAUSE TestAccNetworkFirewallRuleGroup_disappears
=== CONT  TestAccNetworkFirewallRuleGroup_Basic_rulesSourceList
=== CONT  TestAccNetworkFirewallRuleGroup_updateRulesSourceList
=== CONT  TestAccNetworkFirewallRuleGroup_StatefulRule_header
--- PASS: TestAccNetworkFirewallRuleGroup_Basic_rulesSourceList (147.31s)
=== CONT  TestAccNetworkFirewallRuleGroup_updateMultipleStatefulRules
--- PASS: TestAccNetworkFirewallRuleGroup_StatefulRule_header (171.39s)
=== CONT  TestAccNetworkFirewallRuleGroup_StatefulRule_action
--- PASS: TestAccNetworkFirewallRuleGroup_updateRulesSourceList (179.17s)
=== CONT  TestAccNetworkFirewallRuleGroup_encryptionConfiguration
--- PASS: TestAccNetworkFirewallRuleGroup_updateMultipleStatefulRules (169.60s)
=== CONT  TestAccNetworkFirewallRuleGroup_disappears
--- PASS: TestAccNetworkFirewallRuleGroup_StatefulRule_action (190.77s)
=== CONT  TestAccNetworkFirewallRuleGroup_updateStatefulRule
--- PASS: TestAccNetworkFirewallRuleGroup_encryptionConfiguration (180.49s)
=== CONT  TestAccNetworkFirewallRuleGroup_rulesSourceAndRuleVariables
--- PASS: TestAccNetworkFirewallRuleGroup_disappears (149.52s)
=== CONT  TestAccNetworkFirewallRuleGroup_Basic_rules
--- PASS: TestAccNetworkFirewallRuleGroup_updateStatefulRule (165.89s)
=== CONT  TestAccNetworkFirewallRuleGroup_updateRules
--- PASS: TestAccNetworkFirewallRuleGroup_rulesSourceAndRuleVariables (155.98s)
=== CONT  TestAccNetworkFirewallRuleGroup_statelessRuleWithCustomAction
--- PASS: TestAccNetworkFirewallRuleGroup_Basic_rules (143.08s)
=== CONT  TestAccNetworkFirewallRuleGroup_updateStatefulRuleOptions
--- PASS: TestAccNetworkFirewallRuleGroup_updateRules (154.97s)
=== CONT  TestAccNetworkFirewallRuleGroup_statefulRuleOptions
--- PASS: TestAccNetworkFirewallRuleGroup_statelessRuleWithCustomAction (153.08s)
=== CONT  TestAccNetworkFirewallRuleGroup_Basic_statefulRule
--- PASS: TestAccNetworkFirewallRuleGroup_Basic_statefulRule (143.25s)
=== CONT  TestAccNetworkFirewallRuleGroup_Basic_statelessRule
--- PASS: TestAccNetworkFirewallRuleGroup_statefulRuleOptions (144.33s)
=== CONT  TestAccNetworkFirewallRuleGroup_Basic_updateReferenceSets
--- PASS: TestAccNetworkFirewallRuleGroup_updateStatefulRuleOptions (283.44s)
=== CONT  TestAccNetworkFirewallRuleGroup_Basic_referenceSets
--- PASS: TestAccNetworkFirewallRuleGroup_Basic_statelessRule (154.04s)
=== CONT  TestAccNetworkFirewallRuleGroup_tags
--- PASS: TestAccNetworkFirewallRuleGroup_Basic_updateReferenceSets (179.04s)
=== CONT  TestAccNetworkFirewallRuleGroup_updateStatelessRule
--- PASS: TestAccNetworkFirewallRuleGroup_Basic_referenceSets (164.89s)
--- PASS: TestAccNetworkFirewallRuleGroup_tags (154.64s)
--- PASS: TestAccNetworkFirewallRuleGroup_updateStatelessRule (167.88s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/networkfirewall	1164.539s

@ewbankkit
Copy link
Contributor

@tmccombs Thanks for the contribution 🎉 👏.

@ewbankkit ewbankkit merged commit f7f3bb4 into hashicorp:main Dec 16, 2022
@github-actions github-actions bot added this to the v4.48.0 milestone Dec 16, 2022
@tmccombs tmccombs deleted the networkfirewall-rule-group-list branch December 17, 2022 01:30
@github-actions
Copy link

This functionality has been released in v4.48.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@ewbankkit ewbankkit mentioned this pull request Jan 4, 2023
Closed
@flaviafm flaviafm mentioned this pull request Jan 11, 2023
Closed
@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 20, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ewbankkit ewbankkit ewbankkit approved these changes

Assignees
No one assigned
Labels
service/networkfirewall Issues and PRs that pertain to the networkfirewall service. size/M Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
v4.48.0
Development

Successfully merging this pull request may close these issues.

Terraform is changing the rule order of aws network firewall rules
3 participants
@tmccombs @floryut @ewbankkit