Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

r/aws_guardduty_malware_protection_plan #37919

Merged
merged 26 commits into from
Jun 11, 2024
Merged

r/aws_guardduty_malware_protection_plan #37919

merged 26 commits into from
Jun 11, 2024

Conversation

GlennChia
Copy link
Collaborator

@GlennChia GlennChia commented Jun 11, 2024
edited
Loading

Description

Creates a new resource for aws_guardduty_malware_protection_plan

Relations

Closes #37918

References

Output from Acceptance Testing

% AWS_DEFAULT_REGION=us-east-2  make testacc TESTARGS='-run=TestAccGuardDutyMalwareProtectionPlan' PKG=guardduty
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/guardduty/... -v -count 1 -parallel 20  -run=TestAccGuardDutyMalwareProtectionPlan -timeout 360m
=== RUN   TestAccGuardDutyMalwareProtectionPlan_basic
=== PAUSE TestAccGuardDutyMalwareProtectionPlan_basic
=== RUN   TestAccGuardDutyMalwareProtectionPlan_role
=== PAUSE TestAccGuardDutyMalwareProtectionPlan_role
=== RUN   TestAccGuardDutyMalwareProtectionPlan_actionsTaggingStatus
=== PAUSE TestAccGuardDutyMalwareProtectionPlan_actionsTaggingStatus
=== RUN   TestAccGuardDutyMalwareProtectionPlan_protectedResourceS3BucketName
=== PAUSE TestAccGuardDutyMalwareProtectionPlan_protectedResourceS3BucketName
=== RUN   TestAccGuardDutyMalwareProtectionPlan_protectedResourceS3BucketObjectPrefix
=== PAUSE TestAccGuardDutyMalwareProtectionPlan_protectedResourceS3BucketObjectPrefix
=== RUN   TestAccGuardDutyMalwareProtectionPlan_disappears
=== PAUSE TestAccGuardDutyMalwareProtectionPlan_disappears
=== RUN   TestAccGuardDutyMalwareProtectionPlan_tags
=== PAUSE TestAccGuardDutyMalwareProtectionPlan_tags
=== CONT  TestAccGuardDutyMalwareProtectionPlan_basic
=== CONT  TestAccGuardDutyMalwareProtectionPlan_protectedResourceS3BucketObjectPrefix
=== CONT  TestAccGuardDutyMalwareProtectionPlan_actionsTaggingStatus
=== CONT  TestAccGuardDutyMalwareProtectionPlan_tags
=== CONT  TestAccGuardDutyMalwareProtectionPlan_protectedResourceS3BucketName
=== CONT  TestAccGuardDutyMalwareProtectionPlan_role
=== CONT  TestAccGuardDutyMalwareProtectionPlan_disappears
--- PASS: TestAccGuardDutyMalwareProtectionPlan_disappears (65.49s)
--- PASS: TestAccGuardDutyMalwareProtectionPlan_basic (78.76s)
--- PASS: TestAccGuardDutyMalwareProtectionPlan_role (99.27s)
--- PASS: TestAccGuardDutyMalwareProtectionPlan_protectedResourceS3BucketName (106.53s)
--- PASS: TestAccGuardDutyMalwareProtectionPlan_actionsTaggingStatus (113.17s)
--- PASS: TestAccGuardDutyMalwareProtectionPlan_protectedResourceS3BucketObjectPrefix (125.61s)
--- PASS: TestAccGuardDutyMalwareProtectionPlan_tags (132.36s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/guardduty  132.499s

...

@github-actions GitHub Actions
Copy link

Community Note

Voting for Prioritization

  • Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added size/XL Managed by automation to categorize the size of a PR. documentation Introduces or discusses updates to documentation. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. service/guardduty Issues and PRs that pertain to the guardduty service. client-connections Pertains to the AWS Client and service connections. generators Relates to code generators. labels Jun 11, 2024
@terraform-aws-provider terraform-aws-provider bot added needs-triage Waiting for first response or review from a maintainer. partner Contribution from a partner. labels Jun 11, 2024
@github-actions GitHub Actions
Copy link

Thank you for your contribution! 🚀

Please note that typically Go dependency changes are handled in this repository by dependabot or the maintainers. This is to prevent pull request merge conflicts and further delay reviews of contributions. Remove any changes to the go.mod or go.sum files and commit them into this pull request.

Additional details:

  • Check open pull requests with the dependencies label to view other dependency updates.
  • If this pull request includes an update the AWS Go SDK (or any other dependency) version, only updates submitted via dependabot will be merged. This pull request will need to remove these changes and will need to be rebased after the existing dependency update via dependabot has been merged for this pull request to be reviewed.
  • If this pull request is for supporting a new AWS service:
    • Ensure the new AWS service changes are following the Contributing Guide section on new services, in particular that the dependency addition and initial provider support are in a separate pull request from other changes (e.g. new resources). Contributions not following this item will not be reviewed until the changes are split.
    • If this pull request is already a separate pull request from the above item, you can ignore this message.

@GlennChia
td(gd): names csv add sdkv2
9b85bf9
@GlennChia
td(gd): awsclient_gen add guardduty sdkv2
b3015d9 
go generate ./internal/conns/...
@GlennChia
td(gd): go get sdkv2 packages
0857351 
go get github.com/hashicorp/terraform-provider-aws/internal/conns
@justinretzolk justinretzolk added new-resource Introduces a new resource. and removed needs-triage Waiting for first response or review from a maintainer. labels Jun 11, 2024
@GlennChia GlennChia force-pushed the f-aws_guardduty_malware_protection_plan branch from c4f35e7 to 2e9f0a2 Compare June 11, 2024 15:07
@GlennChia
Copy link
Collaborator Author

GlennChia commented Jun 11, 2024
edited
Loading

Design considerations. There is a block for actions that is used as such

resource "aws_guardduty_malware_protection_plan" "example" {
  // other args removed
  actions {
    tagging {
      status = "ENABLED"
    }
  }

From an API perspective, actions, tagging, and status are all optional. The GET API also computes and returns a default value of status as DISABLED if users do not specify any value. This creates an error in Terraform when users do not specify the block with the string value. Several design options were considered to overcome this

  1. Treat the arguments as required although they are optional. This is similar to the approach that aws_devopsguru_service_integration takes for the logs_anomaly_detection argument. From an API perspective. The API UpdateServiceIntegrationConfig - LogsAnomalyDetection views it as an optional argument, The provider sets it as IsRequired

    terraform-provider-aws/internal/service/devopsguru/service_integration.go

    Lines 88 to 109 in b1249d2

    "logs_anomaly_detection": schema.ListNestedBlock{
    CustomType: fwtypes.NewListNestedObjectTypeOf[logsAnomalyDetectionData](ctx),
    PlanModifiers: []planmodifier.List{
    listplanmodifier.UseStateForUnknown(),
    },
    Validators: []validator.List{
    listvalidator.SizeAtMost(1),
    listvalidator.IsRequired(),
    },
    NestedObject: schema.NestedBlockObject{
    Attributes: map[string]schema.Attribute{
    "opt_in_status": schema.StringAttribute{
    CustomType: fwtypes.StringEnumType[awstypes.OptInStatus](),
    Optional: true,
    Computed: true,
    PlanModifiers: []planmodifier.String{
    stringplanmodifier.UseStateForUnknown(),
    },
    },
    },
    },
    },
  2. (chosen) Define the root argument as optional computed. This has the better user experience of allowing users the option of not defining the block if they wish to leave its defaults. This is similar to the aws_bedrockagent_agent resource's prompt_override_configuration block. However, there will be errors if users set the actions block without the nested tagging block or if users set actions with tagging but leave out status. Hence the documentation specifies the actions block as optional, but the tagging block and status string as required.

    terraform-provider-aws/internal/service/bedrockagent/agent.go

    Lines 124 to 137 in b1249d2

    "prompt_override_configuration": schema.ListAttribute{ // proto5 Optional+Computed nested block.
    CustomType: fwtypes.NewListNestedObjectTypeOf[promptOverrideConfigurationModel](ctx),
    Optional: true,
    Computed: true,
    PlanModifiers: []planmodifier.List{
    listplanmodifier.UseStateForUnknown(),
    },
    Validators: []validator.List{
    listvalidator.SizeAtMost(1),
    },
    ElementType: types.ObjectType{
    AttrTypes: fwtypes.AttributeTypesMust[promptOverrideConfigurationModel](ctx),
    },
    },

@ewbankkit ewbankkit self-assigned this Jun 11, 2024
@terraform-aws-provider terraform-aws-provider bot added the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Jun 11, 2024
@ewbankkit ewbankkit mentioned this pull request Jun 11, 2024
Merged
ewbankkit
ewbankkit approved these changes Jun 11, 2024
View reviewed changes
Copy link
Contributor

@ewbankkit ewbankkit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccGuardDutyMalwareProtectionPlan_' PKG=guardduty ACCTEST_PARALLELISM=2
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.22.2 test ./internal/service/guardduty/... -v -count 1 -parallel 2  -run=TestAccGuardDutyMalwareProtectionPlan_ -timeout 360m
=== RUN   TestAccGuardDutyMalwareProtectionPlan_basic
=== PAUSE TestAccGuardDutyMalwareProtectionPlan_basic
=== RUN   TestAccGuardDutyMalwareProtectionPlan_role
=== PAUSE TestAccGuardDutyMalwareProtectionPlan_role
=== RUN   TestAccGuardDutyMalwareProtectionPlan_actionsTaggingStatus
=== PAUSE TestAccGuardDutyMalwareProtectionPlan_actionsTaggingStatus
=== RUN   TestAccGuardDutyMalwareProtectionPlan_protectedResourceS3BucketName
=== PAUSE TestAccGuardDutyMalwareProtectionPlan_protectedResourceS3BucketName
=== RUN   TestAccGuardDutyMalwareProtectionPlan_protectedResourceS3BucketObjectPrefix
=== PAUSE TestAccGuardDutyMalwareProtectionPlan_protectedResourceS3BucketObjectPrefix
=== RUN   TestAccGuardDutyMalwareProtectionPlan_disappears
=== PAUSE TestAccGuardDutyMalwareProtectionPlan_disappears
=== RUN   TestAccGuardDutyMalwareProtectionPlan_tags
=== PAUSE TestAccGuardDutyMalwareProtectionPlan_tags
=== CONT  TestAccGuardDutyMalwareProtectionPlan_basic
=== CONT  TestAccGuardDutyMalwareProtectionPlan_protectedResourceS3BucketObjectPrefix
--- PASS: TestAccGuardDutyMalwareProtectionPlan_basic (31.95s)
=== CONT  TestAccGuardDutyMalwareProtectionPlan_actionsTaggingStatus
--- PASS: TestAccGuardDutyMalwareProtectionPlan_protectedResourceS3BucketObjectPrefix (45.36s)
=== CONT  TestAccGuardDutyMalwareProtectionPlan_protectedResourceS3BucketName
--- PASS: TestAccGuardDutyMalwareProtectionPlan_actionsTaggingStatus (35.15s)
=== CONT  TestAccGuardDutyMalwareProtectionPlan_role
--- PASS: TestAccGuardDutyMalwareProtectionPlan_protectedResourceS3BucketName (35.55s)
=== CONT  TestAccGuardDutyMalwareProtectionPlan_tags
--- PASS: TestAccGuardDutyMalwareProtectionPlan_role (37.98s)
=== CONT  TestAccGuardDutyMalwareProtectionPlan_disappears
--- PASS: TestAccGuardDutyMalwareProtectionPlan_disappears (23.30s)
--- PASS: TestAccGuardDutyMalwareProtectionPlan_tags (47.87s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/guardduty	133.055s

@ewbankkit
Copy link
Contributor

@GlennChia Thanks for the contribution 🎉 👏.

@ewbankkit ewbankkit merged commit 8fbbb25 into hashicorp:main Jun 11, 2024
39 checks passed
@github-actions github-actions bot added this to the v5.54.0 milestone Jun 11, 2024
@github-actions GitHub Actions
Copy link

This functionality has been released in v5.54.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions github-actions bot removed the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Jun 14, 2024
@github-actions GitHub Actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 23, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ewbankkit ewbankkit ewbankkit approved these changes

Assignees

@ewbankkit ewbankkit

Labels
client-connections Pertains to the AWS Client and service connections. documentation Introduces or discusses updates to documentation. generators Relates to code generators. new-resource Introduces a new resource. partner Contribution from a partner. service/guardduty Issues and PRs that pertain to the guardduty service. size/XL Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
v5.54.0
Development

Successfully merging this pull request may close these issues.

[New Resource]: AWS Guardduty Malware protection for S3 bucket
3 participants
@GlennChia @ewbankkit @justinretzolk