Skip to content

Commit 02437d0

Browse files
uyggnodoowuyggnodoow
committed
fix: Inconsistent result types in if-else expressions for 'managed_service_data'
1 parent 37dca2f commit 02437d0

File tree

1 file changed

+122
-72
lines changed

1 file changed

+122
-72
lines changed

main.tf

Lines changed: 122 additions & 72 deletions
Original file line numberDiff line numberDiff line change
@@ -1,82 +1,132 @@
11
locals {
2-
managed_service_data = var.type == "WAFV2" ? {
3-
type = var.type
4-
preProcessRuleGroups = lookup(var.managed_service_data, "preProcessRuleGroups", [])
5-
postProcessRuleGroups = lookup(var.managed_service_data, "postProcessRuleGroups", [])
6-
defaultAction = {
7-
type = upper(lookup(var.managed_service_data, "default_action", "allow"))
2+
default = {
3+
type = null
4+
preProcessRuleGroups = []
5+
postProcessRuleGroups = []
6+
defaultAction = null
7+
customRequestHandling = null
8+
customResponse = null
9+
overrideCustomerWebACLAssociation = false
10+
loggingConfiguration = null
11+
sampledRequestsEnabledForDefaultActions = false
12+
captchaConfig = {}
13+
challengeConfig = {}
14+
tokenDomains = null
15+
optimizeUnassociatedWebACL = false
16+
webACLSource = null
17+
automaticResponseConfiguration = null
18+
overrideCustomerWebaclClassic = false
19+
securityGroups = []
20+
securityGroupAction = null
21+
revertManualSecurityGroupChanges = false
22+
exclusiveResourceSecurityGroupManagement = false
23+
applyToAllEC2InstanceENIs = false
24+
includeSharedVPC = false
25+
enableSecurityGroupReferencesDistribution = false
26+
enableTagDistribution = false
27+
preManagedOptions = null
28+
deleteUnusedSecurityGroups = false
29+
coalesceRedundantSecurityGroups = false
30+
optionalDelayForUnusedInMinutes = 0
31+
awsNetworkFirewallConfig = null
32+
firewallDeploymentModel = null
33+
networkFirewallStatelessRuleGroupReferences = null
34+
networkFirewallStatelessDefaultActions = null
35+
networkFirewallStatelessFragmentDefaultActions = null
36+
networkFirewallStatelessCustomActions = null
37+
networkFirewallStatefulRuleGroupReferences = null
38+
networkFirewallOrchestrationConfig = null
39+
networkFirewallLoggingConfiguration = null
40+
}
41+
42+
managed_service_data = var.type == "WAFV2" ? merge(local.default,
43+
{
44+
type = var.type
45+
preProcessRuleGroups = lookup(var.managed_service_data, "preProcessRuleGroups", [])
46+
postProcessRuleGroups = lookup(var.managed_service_data, "postProcessRuleGroups", [])
47+
defaultAction = {
48+
type = upper(lookup(var.managed_service_data, "default_action", "allow"))
49+
}
50+
customRequestHandling = lookup(var.managed_service_data, "customRequestHandling", null)
51+
customResponse = lookup(var.managed_service_data, "customResponse", null)
52+
overrideCustomerWebACLAssociation = lookup(var.managed_service_data, "overrideCustomerWebACLAssociation", false)
53+
loggingConfiguration = lookup(var.managed_service_data, "loggingConfiguration", null)
54+
sampledRequestsEnabledForDefaultActions = lookup(var.managed_service_data, "sampledRequestsEnabledForDefaultActions", false)
55+
captchaConfig = {
56+
immunityTimeProperty = {
57+
immunityTime = lookup(var.managed_service_data, "captchaConfig", 300)
58+
}
59+
}
60+
challengeConfig = {
61+
immunityTimeProperty = {
62+
immunityTime = lookup(var.managed_service_data, "challengeConfig", 300)
63+
}
64+
}
65+
tokenDomains = lookup(var.managed_service_data, "tokenDomains", null)
66+
optimizeUnassociatedWebACL = lookup(var.managed_service_data, "optimizeUnassociatedWebACL", false)
67+
webACLSource = lookup(var.managed_service_data, "webACLSource", "DEFAULT")
868
}
9-
customRequestHandling = lookup(var.managed_service_data, "customRequestHandling", null)
10-
customResponse = lookup(var.managed_service_data, "customResponse", null)
11-
overrideCustomerWebACLAssociation = lookup(var.managed_service_data, "overrideCustomerWebACLAssociation", false)
12-
loggingConfiguration = lookup(var.managed_service_data, "loggingConfiguration", null)
13-
sampledRequestsEnabledForDefaultActions = lookup(var.managed_service_data, "sampledRequestsEnabledForDefaultActions", false)
14-
captchaConfig = {
15-
immunityTimeProperty = {
16-
immunityTime = lookup(var.managed_service_data, "captchaConfig", 300)
69+
) : var.type == "SHIELD_ADVANCED" ? merge(local.default,
70+
{
71+
type = var.type
72+
automaticResponseConfiguration = {
73+
automaticResponseStatus = lookup(var.managed_service_data, "automaticResponseStatus", "DISABLED")
74+
automaticResponseAction = lookup(var.managed_service_data, "automaticResponseAction", null)
1775
}
76+
optimizeUnassociatedWebACL = lookup(var.managed_service_data, "optimizeUnassociatedWebACL", false)
77+
overrideCustomerWebaclClassic = lookup(var.managed_service_data, "overrideCustomerWebaclClassic", false)
78+
}
79+
) : var.type == "SECURITY_GROUPS_COMMON" ? merge(local.default,
80+
{
81+
type = var.type
82+
securityGroups = lookup(var.managed_service_data, "securityGroups", [])
83+
securityGroupAction = lookup(var.managed_service_data, "securityGroupAction", null)
84+
revertManualSecurityGroupChanges = lookup(var.managed_service_data, "revertManualSecurityGroupChanges", false)
85+
exclusiveResourceSecurityGroupManagement = lookup(var.managed_service_data, "exclusiveResourceSecurityGroupManagement", false)
86+
applyToAllEC2InstanceENIs = lookup(var.managed_service_data, "applyToAllEC2InstanceENIs", false)
87+
includeSharedVPC = lookup(var.managed_service_data, "includeSharedVPC", false)
88+
enableSecurityGroupReferencesDistribution = lookup(var.managed_service_data, "enableSecurityGroupReferencesDistribution", false)
89+
enableTagDistribution = lookup(var.managed_service_data, "enableTagDistribution", false)
1890
}
19-
challengeConfig = {
20-
immunityTimeProperty = {
21-
immunityTime = lookup(var.managed_service_data, "challengeConfig", 300)
91+
) : var.type == "SECURITY_GROUPS_CONTENT_AUDIT" ? merge(local.default,
92+
{
93+
type = var.type
94+
preManagedOptions = lookup(var.managed_service_data, "preManagedOptions", null)
95+
securityGroups = lookup(var.managed_service_data, "securityGroups")
96+
securityGroupAction = {
97+
type = lookup(var.managed_service_data, "securityGroupAction")
2298
}
2399
}
24-
tokenDomains = lookup(var.managed_service_data, "tokenDomains", null)
25-
optimizeUnassociatedWebACL = lookup(var.managed_service_data, "optimizeUnassociatedWebACL", false)
26-
webACLSource = lookup(var.managed_service_data, "webACLSource", "DEFAULT")
27-
28-
} : var.type == "SHIELD_ADVANCED" ? {
29-
type = var.type
30-
automaticResponseConfiguration = lookup(var.managed_service_data, "automaticResponseConfiguration", {})
31-
optimizeUnassociatedWebACL = lookup(var.managed_service_data, "optimizeUnassociatedWebACL", false)
32-
overrideCustomerWebaclClassic = lookup(var.managed_service_data, "overrideCustomerWebaclClassic", false)
33-
34-
} : var.type == "SECURITY_GROUPS_COMMON" ? {
35-
type = var.type
36-
securityGroups = lookup(var.managed_service_data, "securityGroups", [])
37-
securityGroupAction = lookup(var.managed_service_data, "securityGroupAction", null)
38-
revertManualSecurityGroupChanges = lookup(var.managed_service_data, "revertManualSecurityGroupChanges", false)
39-
exclusiveResourceSecurityGroupManagement = lookup(var.managed_service_data, "exclusiveResourceSecurityGroupManagement", false)
40-
applyToAllEC2InstanceENIs = lookup(var.managed_service_data, "applyToAllEC2InstanceENIs", false)
41-
includeSharedVPC = lookup(var.managed_service_data, "includeSharedVPC", false)
42-
enableSecurityGroupReferencesDistribution = lookup(var.managed_service_data, "enableSecurityGroupReferencesDistribution", false)
43-
enableTagDistribution = lookup(var.managed_service_data, "enableTagDistribution", false)
44-
45-
} : var.type == "SECURITY_GROUPS_CONTENT_AUDIT" ? {
46-
type = var.type
47-
preManagedOptions = lookup(var.managed_service_data, "preManagedOptions", null)
48-
securityGroups = lookup(var.managed_service_data, "securityGroups")
49-
securityGroupAction = {
50-
type = lookup(var.managed_service_data, "securityGroupAction")
100+
) : var.type == "SECURITY_GROUPS_USAGE_AUDIT" ? merge(local.default,
101+
{
102+
type = var.type
103+
deleteUnusedSecurityGroups = lookup(var.managed_service_data, "deleteUnusedSecurityGroups", false)
104+
coalesceRedundantSecurityGroups = lookup(var.managed_service_data, "coalesceRedundantSecurityGroups", false)
105+
# 'optionalDelayForUnusedInMinutes' field only applies if deleteUnusedSecurityGroups is set to true.
106+
optionalDelayForUnusedInMinutes = lookup(var.managed_service_data, "optionalDelayForUnusedInMinutes", 0)
51107
}
52-
53-
} : var.type == "SECURITY_GROUPS_USAGE_AUDIT" ? {
54-
type = var.type
55-
deleteUnusedSecurityGroups = lookup(var.managed_service_data, "deleteUnusedSecurityGroups", false)
56-
coalesceRedundantSecurityGroups = lookup(var.managed_service_data, "coalesceRedundantSecurityGroups", false)
57-
# 'optionalDelayForUnusedInMinutes' field only applies if deleteUnusedSecurityGroups is set to true.
58-
optionalDelayForUnusedInMinutes = lookup(var.managed_service_data, "optionalDelayForUnusedInMinutes", 0)
59-
60-
} : var.type == "NETWORK_FIREWALL" ? {
61-
type = var.type
62-
# Centralized deployment model
63-
awsNetworkFirewallConfig = lookup(var.managed_service_data, "awsNetworkFirewallConfig", null)
64-
firewallDeploymentModel = lookup(var.managed_service_data, "firewallDeploymentModel", null)
65-
# Distributed deployment model
66-
networkFirewallStatelessRuleGroupReferences = lookup(var.managed_service_data, "networkFirewallStatelessRuleGroupReferences", null)
67-
networkFirewallStatelessDefaultActions = lookup(var.managed_service_data, "networkFirewallStatelessDefaultActions", null)
68-
networkFirewallStatelessFragmentDefaultActions = lookup(var.managed_service_data, "networkFirewallStatelessFragmentDefaultActions", null)
69-
networkFirewallStatelessCustomActions = lookup(var.managed_service_data, "networkFirewallStatelessCustomActions", null)
70-
networkFirewallStatefulRuleGroupReferences = lookup(var.managed_service_data, "networkFirewallStatefulRuleGroupReferences", null)
71-
networkFirewallOrchestrationConfig = lookup(var.managed_service_data, "networkFirewallOrchestrationConfig", null)
72-
networkFirewallLoggingConfiguration = lookup(var.managed_service_data, "networkFirewallLoggingConfiguration", null)
73-
74-
} : var.type == "DNS_FIREWALL" ? {
75-
type = var.type
76-
preProcessRuleGroups = lookup(var.managed_service_data, "preProcessRuleGroups", [])
77-
postProcessRuleGroups = lookup(var.managed_service_data, "postProcessRuleGroups", [])
78-
79-
} : {}
108+
) : var.type == "NETWORK_FIREWALL" ? merge(local.default,
109+
{
110+
type = var.type
111+
# Centralized deployment model
112+
awsNetworkFirewallConfig = lookup(var.managed_service_data, "awsNetworkFirewallConfig", null)
113+
firewallDeploymentModel = lookup(var.managed_service_data, "firewallDeploymentModel", null)
114+
# Distributed deployment model
115+
networkFirewallStatelessRuleGroupReferences = lookup(var.managed_service_data, "networkFirewallStatelessRuleGroupReferences", null)
116+
networkFirewallStatelessDefaultActions = lookup(var.managed_service_data, "networkFirewallStatelessDefaultActions", null)
117+
networkFirewallStatelessFragmentDefaultActions = lookup(var.managed_service_data, "networkFirewallStatelessFragmentDefaultActions", null)
118+
networkFirewallStatelessCustomActions = lookup(var.managed_service_data, "networkFirewallStatelessCustomActions", null)
119+
networkFirewallStatefulRuleGroupReferences = lookup(var.managed_service_data, "networkFirewallStatefulRuleGroupReferences", null)
120+
networkFirewallOrchestrationConfig = lookup(var.managed_service_data, "networkFirewallOrchestrationConfig", null)
121+
networkFirewallLoggingConfiguration = lookup(var.managed_service_data, "networkFirewallLoggingConfiguration", null)
122+
}
123+
) : var.type == "DNS_FIREWALL" ? merge(local.default,
124+
{
125+
type = var.type
126+
preProcessRuleGroups = lookup(var.managed_service_data, "preProcessRuleGroups", [])
127+
postProcessRuleGroups = lookup(var.managed_service_data, "postProcessRuleGroups", [])
128+
}
129+
) : local.default
80130
}
81131

82132
resource "aws_fms_policy" "this" {

0 commit comments

Comments
 (0)