Add rules packages datasource for AWS Inspector #3175
Conversation
This add the rules packages datasource to retrieve all the available AWS inspector rules packages for your region
radeksimko
added
service/inspector
|
Since AWS is very segregated between services and the APIs, we would definitely recommend calling the data source something with the service name in it and would require that change on review so its not confused with many of the other services that offer "rules" like EC2 security groups. So in this case I'll provide a full review shortly. |
There was a problem hiding this comment.
@MattiasGees thanks for your contribution! Check out the notes below and let me know if you have any questions.
This will be pretty straightforward to enhance in the future if we want to by name, provider, etc. filtering with DescribeRulesPackages on the ARNs.
| "github.com/hashicorp/terraform/helper/schema" | ||
| ) | ||
|
|
||
| func dataSourceAwsRulesPackages() *schema.Resource { |
There was a problem hiding this comment.
Please change to dataSourceAwsInspectorRulesPackages() and update the Read function accordingly as well. 👍
| log.Printf("[DEBUG] Reading Rules Packages.") | ||
| d.SetId(time.Now().UTC().String()) | ||
|
|
||
| var results int64 = 300 |
There was a problem hiding this comment.
We should probably use the SDK paginator instead of limiting the results or potentially missing some due to not checking NextToken.
var arns []string
input := &inspector.ListRulesPackagesInput{}
err := conn.ListRulesPackagesPages(input, func(page *ListRulesPackagesOutput, lastPage bool) bool {
for _, arn := range page.RulesPackageArns {
arns = append(arns, *arn)
}
return !lastPage
})
if err != nil {
return fmt.Errorf("Error fetching Rules Packages: %s", err)
}
if len(arns) == 0 {
return errors.New("No rules packages found.")
}
sort.Strings(arns)
d.Set("arns", arns)
aws/provider.go
Outdated
| @@ -214,6 +214,7 @@ func Provider() terraform.ResourceProvider { | |||
| "aws_region": dataSourceAwsRegion(), | |||
| "aws_route_table": dataSourceAwsRouteTable(), | |||
| "aws_route53_zone": dataSourceAwsRoute53Zone(), | |||
| "aws_rules_packages": dataSourceAwsRulesPackages(), | |||
There was a problem hiding this comment.
Please update to aws_inspector_rules_packages 👍
| return func(s *terraform.State) error { | ||
| rs, ok := s.RootModule().Resources[n] | ||
| if !ok { | ||
| return fmt.Errorf("Can't find Tules Packages resource: %s", n) |
| Config: testAccCheckAwsRulesPackagesConfig, | ||
| Check: resource.ComposeTestCheckFunc( | ||
| testAccCheckAwsRulesPackagesMeta("data.aws_rules_packages.aws_rules_packages"), | ||
| ), |
There was a problem hiding this comment.
We can check attributes here with some of the resource helpers instead of more complicated acceptance testing logic in another function: e.g. resource.TestCheckResourceAttr("data.aws_inspector_rules_packages.test", "arns.#", "4"), or if indeterminate resource.TestCheckResourceAttrSet("data.aws_inspector_rules_packages.test", "arns.#")
| return fmt.Errorf("Rules Packages resource ID not set.") | ||
| } | ||
|
|
||
| actual, err := testAccCheckAwsRulesPackagesBuildAvailable(rs.Primary.Attributes) |
There was a problem hiding this comment.
We don't need this function or its call, see above.
| return err | ||
| } | ||
|
|
||
| expected := actual |
There was a problem hiding this comment.
I don't think we don't need to acceptance test sort.Strings().
bflad
added
the
waiting-response
This changes the name of the function to aws_inspector_rules_packages. Also a change to the pagination was made + simplified the tests
ghost
added
size/M
|
@bflad I made the requested changes. |
bflad
removed
the
waiting-response
There was a problem hiding this comment.
You're pretty close! 😄 Let us know if you don't have time to address the last items.
We definitely need to address the test failure and add documentation:
- Add data source documentation in
website/docs/d/inspector_rules_packages.html.markdown - Add link in data sources sidebar section of
website/aws.erbe.g.
<li<%= sidebar_current("docs-aws-datasource-inspector-rules-packages") %>>
<a href="/docs/providers/aws/d/inspector_rules_packages.html">aws_inspector_rules_packages</a>
</li>
| Steps: []resource.TestStep{ | ||
| { | ||
| Config: testAccCheckAWSInspectorRulesPackagesConfig, | ||
| Check: resource.TestCheckResourceAttrSet("data.aws_inspector_rules_packages.test", "arns.#"), |
There was a problem hiding this comment.
The .test here needs to either be updated to .rules_packages to match the name in testAccCheckAWSInspectorRulesPackagesConfig or the data source to be named test in the configuration
make testacc TEST=./aws TESTARGS='-run=TestAccAWSInspectorRulesPackages_basic'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -run=TestAccAWSInspectorRulesPackages_basic -timeout 120m
=== RUN TestAccAWSInspectorRulesPackages_basic
--- FAIL: TestAccAWSInspectorRulesPackages_basic (7.84s)
testing.go:513: Step 0 error: Check failed: Not found: data.aws_inspector_rules_packages.test in [root]
FAIL
exit status 1
FAIL github.com/terraform-providers/terraform-provider-aws/aws 7.888s
make: *** [testacc] Error 1
There was a problem hiding this comment.
I renamed it to test
aws/provider.go
Outdated
| @@ -214,6 +214,7 @@ func Provider() terraform.ResourceProvider { | |||
| "aws_region": dataSourceAwsRegion(), | |||
| "aws_route_table": dataSourceAwsRouteTable(), | |||
| "aws_route53_zone": dataSourceAwsRoute53Zone(), | |||
| "aws_inspector_rules_packages": dataSourceAwsInspectorRulesPackages(), | |||
There was a problem hiding this comment.
Minor nitpick: Can you lexicographically sort this please?
bflad
added
the
waiting-response
ghost
added
size/L
bflad
removed
the
waiting-response
There was a problem hiding this comment.
This looks great! Thanks for the contribution! 🚀
make testacc TEST=./aws TESTARGS='-run=TestAccAWSInspectorRulesPackages_basic'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -run=TestAccAWSInspectorRulesPackages_basic -timeout 120m
=== RUN TestAccAWSInspectorRulesPackages_basic
--- PASS: TestAccAWSInspectorRulesPackages_basic (9.91s)
PASS
ok github.com/terraform-providers/terraform-provider-aws/aws 9.971s
|
This has been released in version 1.10.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
ghost
locked and limited conversation to collaborators
This add the rules packages datasource to retrieve all the available AWS inspector rules packages for your region.
This is my first time creating a full data source for Terraform. All feedback is welcome on both code and test coverage.
I am also not sure about the name of the datasource. At this moment it is
rules_packagesbut maybeinspector_rules_packagesis a better name?