
Commit 1c1d430

authored
Merge pull request #38161 from hashicorp/f/add-resource-sets-to-policy
Add resource_set_ids attribute to fms policy
2 parents a9e5679 + e4f8f9d commit 1c1d430


4 files changed

+88
-0
lines changed

4 files changed

+88
-0
lines changed

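--- a/.changelog/38161.txt
+++ b/.changelog/38161.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_fms_policy: Add `resource_set_ids` attribute
+```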

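--- a/internal/service/fms/fms_test.go
+++ b/internal/service/fms/fms_test.go
@@ -28,6 +28,7 @@ func TestAccFMS_serial(t *testing.T) {
 "securityGroup": testAccPolicy_securityGroup,
 "tags": testAccPolicy_tags,
 "update": testAccPolicy_update,
+"rscSet": testAccPolicy_rscSet,
 },
 "ResourceSet": {
 acctest.CtBasic: testAccFMSResourceSet_basic,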
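Review bot: The new `"rscSet"` key at line 31 breaks the visible alphabetical ordering of the Policy test table (`securityGroup`, `tags`, `update`) and abbreviates a name the rest of the hunk spells out as `ResourceSet`. `"resourceSet": testAccPolicy_resourceSet,` placed before `securityGroup` would match both conventions, with the function in policy_test.go renamed to match. The enclosing TestAccFMS_serial table starts and ends outside the hunk.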

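--- a/internal/service/fms/policy.go
+++ b/internal/service/fms/policy.go
@@ -134,6 +134,14 @@ func resourcePolicy() *schema.Resource {
 ValidateFunc: validation.StringMatch(regexache.MustCompile(`^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`), "must match a supported resource type, such as AWS::EC2::VPC, see also: https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_Policy.html"),
 ConflictsWith: []string{"resource_type_list"},
 },
+"resource_set_ids": {
+Type: schema.TypeSet,
+Optional: true,
+Computed: true,
+Elem: &schema.Schema{
+Type: schema.TypeString,
+},
+},
 "resource_type_list": {
 Type: schema.TypeSet,
 Optional: true,
@@ -275,6 +283,7 @@ func resourcePolicyRead(ctx context.Context, d *schema.ResourceData, meta interf
 }
 d.Set(names.AttrResourceType, policy.ResourceType)
 d.Set("resource_type_list", policy.ResourceTypeList)
+d.Set("resource_set_ids", policy.ResourceSetIds)
 securityServicePolicy := []map[string]interface{}{{
 names.AttrType: string(policy.SecurityServicePolicyData.Type),
 "managed_service_data": aws.ToString(policy.SecurityServicePolicyData.ManagedServiceData),
@@ -376,6 +385,7 @@ func expandPolicy(d *schema.ResourceData) *awstypes.Policy {
 RemediationEnabled: d.Get("remediation_enabled").(bool),
 ResourceType: resourceType,
 ResourceTypeList: flex.ExpandStringValueSet(d.Get("resource_type_list").(*schema.Set)),
+ResourceSetIds: flex.ExpandStringValueSet(d.Get("resource_set_ids").(*schema.Set)),
 }
 
 if d.Id() != "" {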
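Review bot: `resource_set_ids` is declared `Optional: true, Computed: true` (new-file lines 137–144), and nothing in the hunk lets a user clear it: once a resource set is attached, whether by configuration or out of band, omitting the attribute from configuration yields no diff under the SDKv2 semantics, so the FMS policy silently keeps applying to that set — a scope-widening surprise for a security policy. If tolerating out-of-band attachments is the intent, state it on the attribute, e.g. `// Computed: resource sets attached outside Terraform are retained, not detached`; otherwise drop `Computed` so removing the attribute detaches the sets (the read and expand lines need no change either way). The attribute just above validates its string, whereas the new set's `Elem` accepts anything, so an element-level `ValidateFunc: validation.StringIsNotEmpty` would stop an empty ID from reaching the API. resourcePolicy, resourcePolicyRead and expandPolicy all start and end outside these hunks.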

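--- a/internal/service/fms/policy_test.go
+++ b/internal/service/fms/policy_test.go
@@ -365,6 +365,34 @@ func testAccPolicy_securityGroup(t *testing.T) {
 })
 }
 
+func testAccPolicy_rscSet(t *testing.T) {
+ctx := acctest.Context(t)
+rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+resourceName := "aws_fms_policy.test"
+
+resource.Test(t, resource.TestCase{
+PreCheck: func() {
+acctest.PreCheck(ctx, t)
+acctest.PreCheckRegion(t, names.USEast1RegionID)
+acctest.PreCheckOrganizationsEnabled(ctx, t)
+acctest.PreCheckOrganizationManagementAccount(ctx, t)
+},
+ErrorCheck: acctest.ErrorCheck(t, names.FMSServiceID),
+ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+CheckDestroy: testAccCheckPolicyDestroy(ctx),
+Steps: []resource.TestStep{
+{
+Config: testAccPolicyConfig_rscSet(rName, rName),
+Check: resource.ComposeTestCheckFunc(
+testAccCheckPolicyExists(ctx, resourceName),
+resource.TestCheckResourceAttr(resourceName, names.AttrName, rName),
+resource.TestCheckResourceAttr(resourceName, "resource_set_ids.#", acctest.Ct1),
+),
+},
+},
+})
+}
+
 func testAccCheckPolicyDestroy(ctx context.Context) resource.TestCheckFunc {
 return func(s *terraform.State) error {
 conn := acctest.Provider.Meta().(*conns.AWSClient).FMSClient(ctx)
@@ -413,6 +441,7 @@ resource "aws_fms_policy" "test" {
 name = %[1]q
 description = "test description"
 remediation_enabled = false
+resource_set_ids = [aws_fms_resource_set.test.id]
 resource_type_list = ["AWS::ElasticLoadBalancingV2::LoadBalancer"]
 
 exclude_map {
@@ -431,6 +460,14 @@ resource "aws_wafregional_rule_group" "test" {
 metric_name = "MyTest"
 name = %[2]q
 }
+
+resource "aws_fms_resource_set" "test" {
+depends_on = [aws_fms_admin_account.test]
+resource_set {
+name = %[1]q
+resource_type_list = ["AWS::NetworkFirewall::Firewall"]
+}
+}
 `, policyName, ruleGroupName))
 }
 
@@ -845,3 +882,40 @@ resource "aws_fms_policy" "test" {
 }
 `, rName))
 }
+
+func testAccPolicyConfig_rscSet(policyName, ruleGroupName string) string {
+return acctest.ConfigCompose(testAccAdminAccountConfig_basic, fmt.Sprintf(`
+resource "aws_fms_policy" "test" {
+exclude_resource_tags = false
+name = %[1]q
+description = "test description"
+remediation_enabled = false
+resource_set_ids = [aws_fms_resource_set.test.id]
+resource_type_list = ["AWS::ElasticLoadBalancingV2::LoadBalancer"]
+
+exclude_map {
+account = [data.aws_caller_identity.current.account_id]
+}
+
+security_service_policy_data {
+type = "WAF"
+managed_service_data = "{\"type\": \"WAF\", \"ruleGroups\": [{\"id\":\"${aws_wafregional_rule_group.test.id}\", \"overrideAction\" : {\"type\": \"COUNT\"}}],\"defaultAction\": {\"type\": \"BLOCK\"}, \"overrideCustomerWebACLAssociation\": false}"
+}
+
+depends_on = [aws_fms_admin_account.test]
+}
+
+resource "aws_wafregional_rule_group" "test" {
+metric_name = "MyTest"
+name = %[2]q
+}
+
+resource "aws_fms_resource_set" "test" {
+depends_on = [aws_fms_admin_account.test]
+resource_set {
+name = %[1]q
+resource_type_list = ["AWS::NetworkFirewall::Firewall"]
+}
+}
+`, policyName, ruleGroupName))
+}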
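Review bot: The new test at new-file lines 368–394 only asserts `resource_set_ids.#` is 1, which passes even if a wrong or stale ID (read back through the Computed attribute) is stored; pin it to the referenced set instead, e.g. `resource.TestCheckTypeSetElemAttrPair(resourceName, "resource_set_ids.*", "aws_fms_resource_set.test", names.AttrID),`. There is also no second step that removes `resource_set_ids` from the configuration, so nothing verifies what the `Optional`+`Computed` schema does on removal — a step expecting a count of 0, or an explicit comment that attached sets are retained, would document the intended contract. As far as these lines show, `testAccPolicyConfig_rscSet` is line-for-line the configuration already modified in the two earlier hunks, so the new test could reuse that function rather than duplicate it. Both of the modified configuration functions start outside their hunks.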
