Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Correctly fetch overridden actions in the Network Firewall policy data source #31089

Merged
merged 7 commits into from
May 2, 2023
Merged

Correctly fetch overridden actions in the Network Firewall policy data source #31089

merged 7 commits into from
May 2, 2023

Conversation

dancorne
Copy link
Contributor

@dancorne dancorne commented May 1, 2023
edited
Loading

Description

When an AWS-managed rule is configured in a Network Firewall with the action overridden Terraform will fail it's plan or apply with Invalid address to set: []string{"stateful_rule_group_reference", "0", "override"}

I tried to include an aws_networkfirewall_rule_group resource in the test configuration to avoid depending on the referenced rule group existing ahead of time, however override blocks are only available on AWS-managed rule group references.

I was tempted to add a very comprehensive resource configuration for the test to try to pre-empt similar issues, but I couldn't find any cases where that's be done before for data sources. Let me know if that'd be preferable though and I'm happy to update the test.

Relations

Closes #31088

References

The override block documentation in the provider resource docs

Output from Acceptance Testing

$ make testacc TESTS=TestAccNetworkFirewallFirewallPolicyDataSource PKG=networkfirewall
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/networkfirewall/... -v -count 1 -parallel 20 -run='TestAccNetworkFirewallFirewallPolicyDataSource'  -timeout 180m
=== RUN   TestAccNetworkFirewallFirewallPolicyDataSource_arn
=== PAUSE TestAccNetworkFirewallFirewallPolicyDataSource_arn
=== RUN   TestAccNetworkFirewallFirewallPolicyDataSource_name
=== PAUSE TestAccNetworkFirewallFirewallPolicyDataSource_name
=== RUN   TestAccNetworkFirewallFirewallPolicyDataSource_nameAndARN
=== PAUSE TestAccNetworkFirewallFirewallPolicyDataSource_nameAndARN
=== RUN   TestAccNetworkFirewallFirewallPolicyDataSource_withOverriddenManagedRuleGroup
=== PAUSE TestAccNetworkFirewallFirewallPolicyDataSource_withOverriddenManagedRuleGroup
=== CONT  TestAccNetworkFirewallFirewallPolicyDataSource_arn
=== CONT  TestAccNetworkFirewallFirewallPolicyDataSource_nameAndARN
=== CONT  TestAccNetworkFirewallFirewallPolicyDataSource_withOverriddenManagedRuleGroup
=== CONT  TestAccNetworkFirewallFirewallPolicyDataSource_name
--- PASS: TestAccNetworkFirewallFirewallPolicyDataSource_name (154.86s)
--- PASS: TestAccNetworkFirewallFirewallPolicyDataSource_nameAndARN (154.94s)
--- PASS: TestAccNetworkFirewallFirewallPolicyDataSource_arn (155.13s)
--- PASS: TestAccNetworkFirewallFirewallPolicyDataSource_withOverriddenManagedRuleGroup (156.32s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/networkfirewall    158.652s

EDIT: Updated the test output to include all tests for this data source tests to confirm no regressions.

@dancorne
Add test for firewall policy data source with override
6807f3d 
This currently fails with the following error: panic: Invalid address to
set: []string{"stateful_rule_group_reference", "0", "override"}

I tried to include an aws_networkfirewall_rule_group resource in the
test configuration to avoid depending on the rule group existing,
however override blocks are only available on AWS-managed rule group
references.
@dancorne
Add override to firewall policy data source schema
0bbd358 
This previously caused a panic if an override is configured.
@github-actions
Copy link

github-actions bot commented May 1, 2023

Community Note

Voting for Prioritization

  • Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added size/M Managed by automation to categorize the size of a PR. service/networkfirewall Issues and PRs that pertain to the networkfirewall service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. needs-triage Waiting for first response or review from a maintainer. labels May 1, 2023
github-actions[bot]
github-actions bot reviewed May 1, 2023
View reviewed changes
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Welcome @dancorne 👋

It looks like this is your first Pull Request submission to the Terraform AWS Provider! If you haven’t already done so please make sure you have checked out our CONTRIBUTOR guide and FAQ to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval.

Also take a look at our FAQ which details how we prioritize Pull Requests for inclusion.

Thanks again, and welcome to the community! 😃

@justinretzolk justinretzolk added bug Addresses a defect in current functionality. and removed needs-triage Waiting for first response or review from a maintainer. labels May 1, 2023
ewbankkit
ewbankkit approved these changes May 2, 2023
View reviewed changes
Copy link
Contributor

@ewbankkit ewbankkit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccNetworkFirewallFirewallPolicyDataSource_' PKG=networkfirewall ACCTEST_PARALLELISM=2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/networkfirewall/... -v -count 1 -parallel 2  -run=TestAccNetworkFirewallFirewallPolicyDataSource_ -timeout 180m
=== RUN   TestAccNetworkFirewallFirewallPolicyDataSource_arn
=== PAUSE TestAccNetworkFirewallFirewallPolicyDataSource_arn
=== RUN   TestAccNetworkFirewallFirewallPolicyDataSource_name
=== PAUSE TestAccNetworkFirewallFirewallPolicyDataSource_name
=== RUN   TestAccNetworkFirewallFirewallPolicyDataSource_nameAndARN
=== PAUSE TestAccNetworkFirewallFirewallPolicyDataSource_nameAndARN
=== RUN   TestAccNetworkFirewallFirewallPolicyDataSource_withOverriddenManagedRuleGroup
=== PAUSE TestAccNetworkFirewallFirewallPolicyDataSource_withOverriddenManagedRuleGroup
=== CONT  TestAccNetworkFirewallFirewallPolicyDataSource_arn
=== CONT  TestAccNetworkFirewallFirewallPolicyDataSource_nameAndARN
--- PASS: TestAccNetworkFirewallFirewallPolicyDataSource_nameAndARN (133.21s)
=== CONT  TestAccNetworkFirewallFirewallPolicyDataSource_withOverriddenManagedRuleGroup
--- PASS: TestAccNetworkFirewallFirewallPolicyDataSource_arn (153.44s)
=== CONT  TestAccNetworkFirewallFirewallPolicyDataSource_name
--- PASS: TestAccNetworkFirewallFirewallPolicyDataSource_withOverriddenManagedRuleGroup (142.07s)
--- PASS: TestAccNetworkFirewallFirewallPolicyDataSource_name (162.20s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/networkfirewall	321.501s

@ewbankkit
Copy link
Contributor

@dancorne Thanks for the contribution 🎉 👏.

@ewbankkit ewbankkit merged commit 5ab4c5a into hashicorp:main May 2, 2023
@github-actions github-actions bot added this to the v4.66.0 milestone May 2, 2023
@github-actions
Copy link

github-actions bot commented May 5, 2023

This functionality has been released in v4.66.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions
Copy link

github-actions bot commented Jun 6, 2023

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 6, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@ewbankkit ewbankkit ewbankkit approved these changes

Assignees
No one assigned
Labels
bug Addresses a defect in current functionality. service/networkfirewall Issues and PRs that pertain to the networkfirewall service. size/M Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
v4.66.0
Development

Successfully merging this pull request may close these issues.

[Bug]: Data source aws_networkfirewall_firewall_policy fails if an override action is configured
3 participants
@dancorne @ewbankkit @justinretzolk