Support for features in GuardDuty Detector #31463

Merged
merged 33 commits into from
Sep 29, 2023

Contributor

@ringods ringods commented May 18, 2023

Description

Relations

Closes #30303.
Closes #18619.
Closes #21030.
Closes #19893.
Closes #32949.
Closes #30859.
Closes #28229.

References

Output from Acceptance Testing

$ make testacc TESTS="TestAccGuardDuty_serial/Detector" PKG=guardduty

==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/guardduty/... -v -count 1 -parallel 20 -run='TestAccGuardDuty_serial/Detector'  -timeout 180m
=== RUN   TestAccGuardDuty_serial
=== PAUSE TestAccGuardDuty_serial
=== CONT  TestAccGuardDuty_serial
=== RUN   TestAccGuardDuty_serial/Detector
=== RUN   TestAccGuardDuty_serial/Detector/features_eks_audit_logs
    detector_test.go:408: Step 1/3 error: After applying this test step, the plan was not empty.
        stdout:
        
        
        Terraform used the selected providers to generate the following execution
        plan. Resource actions are indicated with the following symbols:
          ~ update in-place
        
        Terraform will perform the following actions:
        
          # aws_guardduty_detector.test will be updated in-place
          ~ resource "aws_guardduty_detector" "test" {
                id                           = "66c4245df4d8e7e995a11d7a1d692dbd"
                # (5 unchanged attributes hidden)
        
              ~ features {
                  ~ name   = "CLOUD_TRAIL" -> "EKS_AUDIT_LOGS"
                    # (1 unchanged attribute hidden)
                }
              - features {
                  - enable = true -> null
                  - name   = "DNS_LOGS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "FLOW_LOGS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "S3_DATA_EVENTS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "EKS_AUDIT_LOGS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "EBS_MALWARE_PROTECTION" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "RDS_LOGIN_EVENTS" -> null
                }
              - features {
                  - enable = false -> null
                  - name   = "EKS_RUNTIME_MONITORING" -> null
        
                  - additional_configuration {
                      - enable = false -> null
                      - name   = "EKS_ADDON_MANAGEMENT" -> null
                    }
                }
              - features {
                  - enable = true -> null
                  - name   = "LAMBDA_NETWORK_LOGS" -> null
                }
        
                # (1 unchanged block hidden)
            }
        
        Plan: 0 to add, 1 to change, 0 to destroy.
=== RUN   TestAccGuardDuty_serial/Detector/features_rds_login_events
    detector_test.go:570: Step 1/3 error: After applying this test step, the plan was not empty.
        stdout:
        
        
        Terraform used the selected providers to generate the following execution
        plan. Resource actions are indicated with the following symbols:
          ~ update in-place
        
        Terraform will perform the following actions:
        
          # aws_guardduty_detector.test will be updated in-place
          ~ resource "aws_guardduty_detector" "test" {
                id                           = "4ac4245e10a2615ac6f5ef2900f9672b"
                # (5 unchanged attributes hidden)
        
              ~ features {
                  ~ name   = "CLOUD_TRAIL" -> "RDS_LOGIN_EVENTS"
                    # (1 unchanged attribute hidden)
                }
              - features {
                  - enable = true -> null
                  - name   = "DNS_LOGS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "FLOW_LOGS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "S3_DATA_EVENTS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "EKS_AUDIT_LOGS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "EBS_MALWARE_PROTECTION" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "RDS_LOGIN_EVENTS" -> null
                }
              - features {
                  - enable = false -> null
                  - name   = "EKS_RUNTIME_MONITORING" -> null
        
                  - additional_configuration {
                      - enable = false -> null
                      - name   = "EKS_ADDON_MANAGEMENT" -> null
                    }
                }
              - features {
                  - enable = true -> null
                  - name   = "LAMBDA_NETWORK_LOGS" -> null
                }
        
                # (1 unchanged block hidden)
            }
        
        Plan: 0 to add, 1 to change, 0 to destroy.
=== RUN   TestAccGuardDuty_serial/Detector/features_eks_runtime_monitoring
    detector_test.go:651: Step 1/3 error: After applying this test step, the plan was not empty.
        stdout:
        
        
        Terraform used the selected providers to generate the following execution
        plan. Resource actions are indicated with the following symbols:
          ~ update in-place
        
        Terraform will perform the following actions:
        
          # aws_guardduty_detector.test will be updated in-place
          ~ resource "aws_guardduty_detector" "test" {
                id                           = "fac4245e2bfbf48032b05bbd94917971"
                # (5 unchanged attributes hidden)
        
              ~ features {
                  ~ name   = "CLOUD_TRAIL" -> "EKS_RUNTIME_MONITORING"
                    # (1 unchanged attribute hidden)
        
                  + additional_configuration {
                      + enable = true
                      + name   = "EKS_ADDON_MANAGEMENT"
                    }
                }
              - features {
                  - enable = true -> null
                  - name   = "DNS_LOGS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "FLOW_LOGS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "S3_DATA_EVENTS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "EKS_AUDIT_LOGS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "EBS_MALWARE_PROTECTION" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "RDS_LOGIN_EVENTS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "EKS_RUNTIME_MONITORING" -> null
        
                  - additional_configuration {
                      - enable = true -> null
                      - name   = "EKS_ADDON_MANAGEMENT" -> null
                    }
                }
              - features {
                  - enable = true -> null
                  - name   = "LAMBDA_NETWORK_LOGS" -> null
                }
        
                # (1 unchanged block hidden)
            }
        
        Plan: 0 to add, 1 to change, 0 to destroy.
=== RUN   TestAccGuardDuty_serial/Detector/datasource_basic
=== RUN   TestAccGuardDuty_serial/Detector/datasource_id
=== RUN   TestAccGuardDuty_serial/Detector/basic
=== RUN   TestAccGuardDuty_serial/Detector/datasources_s3logs
=== RUN   TestAccGuardDuty_serial/Detector/datasources_malware_protection
=== RUN   TestAccGuardDuty_serial/Detector/features_ebs_malware_protection
    detector_test.go:489: Step 1/3 error: After applying this test step, the plan was not empty.
        stdout:
        
        
        Terraform used the selected providers to generate the following execution
        plan. Resource actions are indicated with the following symbols:
          ~ update in-place
        
        Terraform will perform the following actions:
        
          # aws_guardduty_detector.test will be updated in-place
          ~ resource "aws_guardduty_detector" "test" {
                id                           = "aec4245fa390ffb733dd33a8d363d8a0"
                # (5 unchanged attributes hidden)
        
              ~ features {
                  ~ name   = "CLOUD_TRAIL" -> "EBS_MALWARE_PROTECTION"
                    # (1 unchanged attribute hidden)
                }
              - features {
                  - enable = true -> null
                  - name   = "DNS_LOGS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "FLOW_LOGS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "S3_DATA_EVENTS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "EKS_AUDIT_LOGS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "EBS_MALWARE_PROTECTION" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "RDS_LOGIN_EVENTS" -> null
                }
              - features {
                  - enable = false -> null
                  - name   = "EKS_RUNTIME_MONITORING" -> null
        
                  - additional_configuration {
                      - enable = false -> null
                      - name   = "EKS_ADDON_MANAGEMENT" -> null
                    }
                }
              - features {
                  - enable = true -> null
                  - name   = "LAMBDA_NETWORK_LOGS" -> null
                }
        
                # (1 unchanged block hidden)
            }
        
        Plan: 0 to add, 1 to change, 0 to destroy.
=== RUN   TestAccGuardDuty_serial/Detector/tags
=== RUN   TestAccGuardDuty_serial/Detector/datasources_kubernetes_audit_logs
=== RUN   TestAccGuardDuty_serial/Detector/datasources_all
=== RUN   TestAccGuardDuty_serial/Detector/features_s3_data_events
    detector_test.go:327: Step 1/3 error: After applying this test step, the plan was not empty.
        stdout:
        
        
        Terraform used the selected providers to generate the following execution
        plan. Resource actions are indicated with the following symbols:
          ~ update in-place
        
        Terraform will perform the following actions:
        
          # aws_guardduty_detector.test will be updated in-place
          ~ resource "aws_guardduty_detector" "test" {
                id                           = "b8c42460d47fe3280fae51468feed887"
                # (5 unchanged attributes hidden)
        
              ~ features {
                  ~ name   = "CLOUD_TRAIL" -> "S3_DATA_EVENTS"
                    # (1 unchanged attribute hidden)
                }
              - features {
                  - enable = true -> null
                  - name   = "DNS_LOGS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "FLOW_LOGS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "S3_DATA_EVENTS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "EKS_AUDIT_LOGS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "EBS_MALWARE_PROTECTION" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "RDS_LOGIN_EVENTS" -> null
                }
              - features {
                  - enable = false -> null
                  - name   = "EKS_RUNTIME_MONITORING" -> null
        
                  - additional_configuration {
                      - enable = false -> null
                      - name   = "EKS_ADDON_MANAGEMENT" -> null
                    }
                }
              - features {
                  - enable = true -> null
                  - name   = "LAMBDA_NETWORK_LOGS" -> null
                }
        
                # (1 unchanged block hidden)
            }
        
        Plan: 0 to add, 1 to change, 0 to destroy.
--- FAIL: TestAccGuardDuty_serial (392.07s)
    --- FAIL: TestAccGuardDuty_serial/Detector (392.07s)
        --- FAIL: TestAccGuardDuty_serial/Detector/features_eks_audit_logs (15.74s)
        --- FAIL: TestAccGuardDuty_serial/Detector/features_rds_login_events (13.92s)
        --- FAIL: TestAccGuardDuty_serial/Detector/features_eks_runtime_monitoring (14.08s)
        --- PASS: TestAccGuardDuty_serial/Detector/datasource_basic (29.56s)
        --- PASS: TestAccGuardDuty_serial/Detector/datasource_id (18.28s)
        --- PASS: TestAccGuardDuty_serial/Detector/basic (62.41s)
        --- PASS: TestAccGuardDuty_serial/Detector/datasources_s3logs (34.27s)
        --- PASS: TestAccGuardDuty_serial/Detector/datasources_malware_protection (33.69s)
        --- FAIL: TestAccGuardDuty_serial/Detector/features_ebs_malware_protection (13.84s)
        --- PASS: TestAccGuardDuty_serial/Detector/tags (47.62s)
        --- PASS: TestAccGuardDuty_serial/Detector/datasources_kubernetes_audit_logs (34.12s)
        --- PASS: TestAccGuardDuty_serial/Detector/datasources_all (60.60s)
        --- FAIL: TestAccGuardDuty_serial/Detector/features_s3_data_events (13.94s)
FAIL
FAIL	github.com/hashicorp/terraform-provider-aws/internal/service/guardduty	394.198s
FAIL

Current tests fail on the new features. See my ask for help below.

@github-actions

Community Note

Voting for Prioritization

  • Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added service/guardduty Issues and PRs that pertain to the guardduty service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. size/XL Managed by automation to categorize the size of a PR. needs-triage Waiting for first response or review from a maintainer. and removed tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. service/guardduty Issues and PRs that pertain to the guardduty service. labels May 18, 2023
@ringods
Contributor Author

ringods commented May 22, 2023

@justinretzolk I need help to complete the test suite! Can someone from the team chime in on my problem?

The new features API to a GuardDuty detector always populates the default values in the GetDetector API call. Hence, even when writing this as input HCL:

resource "aws_guardduty_detector" "test" {
  features {
    name   = "EKS_AUDIT_LOGS"
    enable = %[1]t
  }
}

all the other features are populated with the default values. This isn't the case for the deprecated datasources property. The output is this:

==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/guardduty/... -v -count 1 -parallel 20 -run='TestAccGuardDuty_serial/Detector/features_s3_data_events'  -timeout 180m
=== RUN   TestAccGuardDuty_serial
=== PAUSE TestAccGuardDuty_serial
=== CONT  TestAccGuardDuty_serial
=== RUN   TestAccGuardDuty_serial/Detector
=== RUN   TestAccGuardDuty_serial/Detector/features_s3_data_events
    detector_test.go:327: Step 1/3 error: After applying this test step, the plan was not empty.
        stdout:
        
        
        Terraform used the selected providers to generate the following execution
        plan. Resource actions are indicated with the following symbols:
          ~ update in-place
        
        Terraform will perform the following actions:
        
          # aws_guardduty_detector.test will be updated in-place
          ~ resource "aws_guardduty_detector" "test" {
                id                           = "9ac42167a267a218cc3a9cf1c0d8ad2d"
                # (5 unchanged attributes hidden)
        
              ~ features {
                  ~ name   = "CLOUD_TRAIL" -> "S3_DATA_EVENTS"
                    # (1 unchanged attribute hidden)
                }
              - features {
                  - enable = true -> null
                  - name   = "DNS_LOGS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "FLOW_LOGS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "S3_DATA_EVENTS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "EKS_AUDIT_LOGS" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "EBS_MALWARE_PROTECTION" -> null
                }
              - features {
                  - enable = true -> null
                  - name   = "RDS_LOGIN_EVENTS" -> null
                }
              - features {
                  - enable = false -> null
                  - name   = "EKS_RUNTIME_MONITORING" -> null
        
                  - additional_configuration {
                      - enable = false -> null
                      - name   = "EKS_ADDON_MANAGEMENT" -> null
                    }
                }
              - features {
                  - enable = true -> null
                  - name   = "LAMBDA_NETWORK_LOGS" -> null
                }
        
                # (1 unchanged block hidden)
            }
        
        Plan: 0 to add, 1 to change, 0 to destroy.
--- FAIL: TestAccGuardDuty_serial (15.93s)
    --- FAIL: TestAccGuardDuty_serial/Detector (15.93s)
        --- FAIL: TestAccGuardDuty_serial/Detector/features_s3_data_events (15.93s)
FAIL
FAIL	github.com/hashicorp/terraform-provider-aws/internal/service/guardduty	18.101s
FAIL

How should I write the tests so that I verify that the configured feature is in the list with the correct enabled state?

@justinretzolk
Member

Hey @ringods 👋 Thank you for taking the time to raise this! Since you're having issues with the tests, feel free to leave them for now, and when we're able to prioritize this, someone from the team will be happy to help workshop them 🙂

@justinretzolk justinretzolk added service/guardduty Issues and PRs that pertain to the guardduty service. enhancement Requests to existing resources that expand the functionality or scope. and removed needs-triage Waiting for first response or review from a maintainer. labels May 22, 2023
@ringods ringods marked this pull request as ready for review May 23, 2023 12:58
@github-actions github-actions bot added the tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. label May 23, 2023
@github-actions github-actions bot added the documentation Introduces or discusses updates to documentation. label May 24, 2023
@ringods
Contributor Author

ringods commented May 25, 2023

Hello @justinretzolk, my PR is "feature complete" now that it includes the changes for the resource, the datasource and the documentation. I will monitor the PR and help out where needed to get the test suite working.

The old datasources property has been deprecated by AWS since March 2023, which means that for newer features, provider users are out of luck without the support implemented in this PR. Could you arrange to give this PR a higher precedence due to this?

@mcantinqc
Contributor

Is there any chance it will be prioritized soon?

@justinretzolk
Member

Hey all 👋 Thank you for checking in on this! Unfortunately I can't provide an ETA on when this will be reviewed/merged due to the potential of shifting priorities. We prioritize by count of 👍 reactions and a few other things (more information on our prioritization guide if you're interested). That said, with the deprecation called out above, I'll make sure to bring this one up to the team to see what we can do.

# Conflicts:
#	website/docs/r/guardduty_detector.html.markdown
% make testacc TESTARGS='-run=TestAccGuardDuty_serial/Filter' PKG=guardduty
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/guardduty/... -v -count 1 -parallel 20  -run=TestAccGuardDuty_serial/Filter -timeout 360m
=== RUN   TestAccGuardDuty_serial
=== PAUSE TestAccGuardDuty_serial
=== CONT  TestAccGuardDuty_serial
=== RUN   TestAccGuardDuty_serial/Filter
=== RUN   TestAccGuardDuty_serial/Filter/basic
=== RUN   TestAccGuardDuty_serial/Filter/update
=== RUN   TestAccGuardDuty_serial/Filter/tags
=== RUN   TestAccGuardDuty_serial/Filter/disappears
--- PASS: TestAccGuardDuty_serial (172.71s)
    --- PASS: TestAccGuardDuty_serial/Filter (172.71s)
        --- PASS: TestAccGuardDuty_serial/Filter/basic (49.88s)
        --- PASS: TestAccGuardDuty_serial/Filter/update (38.80s)
        --- PASS: TestAccGuardDuty_serial/Filter/tags (58.11s)
        --- PASS: TestAccGuardDuty_serial/Filter/disappears (25.92s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/guardduty	177.788s
% make testacc TESTARGS='-run=TestAccGuardDuty_serial/DetectorFeature' PKG=guardduty
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/guardduty/... -v -count 1 -parallel 20  -run=TestAccGuardDuty_serial/DetectorFeature -timeout 360m
=== RUN   TestAccGuardDuty_serial
=== PAUSE TestAccGuardDuty_serial
=== CONT  TestAccGuardDuty_serial
=== RUN   TestAccGuardDuty_serial/DetectorFeature
=== RUN   TestAccGuardDuty_serial/DetectorFeature/basic
--- PASS: TestAccGuardDuty_serial (26.71s)
    --- PASS: TestAccGuardDuty_serial/DetectorFeature (26.71s)
        --- PASS: TestAccGuardDuty_serial/DetectorFeature/basic (26.71s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/guardduty	32.307s
% make testacc TESTARGS='-run=TestAccGuardDuty_serial/DetectorFeature/multiple' PKG=guardduty
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/guardduty/... -v -count 1 -parallel 20  -run=TestAccGuardDuty_serial/DetectorFeature/multiple -timeout 360m
=== RUN   TestAccGuardDuty_serial
=== PAUSE TestAccGuardDuty_serial
=== CONT  TestAccGuardDuty_serial
=== RUN   TestAccGuardDuty_serial/DetectorFeature
=== RUN   TestAccGuardDuty_serial/DetectorFeature/multiple
--- PASS: TestAccGuardDuty_serial (62.34s)
    --- PASS: TestAccGuardDuty_serial/DetectorFeature (62.34s)
        --- PASS: TestAccGuardDuty_serial/DetectorFeature/multiple (62.34s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/guardduty	67.776s
% make testacc TESTARGS='-run=TestAccGuardDuty_serial/DetectorFeature/multiple' PKG=guardduty
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/guardduty/... -v -count 1 -parallel 20  -run=TestAccGuardDuty_serial/DetectorFeature/multiple -timeout 360m
=== RUN   TestAccGuardDuty_serial
=== PAUSE TestAccGuardDuty_serial
=== CONT  TestAccGuardDuty_serial
=== RUN   TestAccGuardDuty_serial/DetectorFeature
=== RUN   TestAccGuardDuty_serial/DetectorFeature/multiple
--- PASS: TestAccGuardDuty_serial (57.49s)
    --- PASS: TestAccGuardDuty_serial/DetectorFeature (57.49s)
        --- PASS: TestAccGuardDuty_serial/DetectorFeature/multiple (57.49s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/guardduty	62.908s
% make testacc TESTARGS='-run=TestAccGuardDuty_serial/^Detector$$/datasource_' PKG=guardduty
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/guardduty/... -v -count 1 -parallel 20  -run=TestAccGuardDuty_serial/^Detector$/datasource_ -timeout 360m
=== RUN   TestAccGuardDuty_serial
=== PAUSE TestAccGuardDuty_serial
=== CONT  TestAccGuardDuty_serial
=== RUN   TestAccGuardDuty_serial/Detector
=== RUN   TestAccGuardDuty_serial/Detector/datasource_basic
=== RUN   TestAccGuardDuty_serial/Detector/datasource_id
--- PASS: TestAccGuardDuty_serial (43.59s)
    --- PASS: TestAccGuardDuty_serial/Detector (43.59s)
        --- PASS: TestAccGuardDuty_serial/Detector/datasource_basic (22.86s)
        --- PASS: TestAccGuardDuty_serial/Detector/datasource_id (20.73s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/guardduty	48.907s
@ewbankkit ewbankkit added the new-resource Introduces a new resource. label Sep 28, 2023
@github-actions github-actions bot added the generators Relates to code generators. label Sep 28, 2023
@ewbankkit
Contributor

ewbankkit commented Sep 28, 2023

@xxx Thanks for the contribution 🎉 👏.
The solution I came up with is to have a separate aws_guardduty_detector_feature resource that manages a single detector feature.
You would then have one instance of the resource for each feature you want to manage via Terraform.
The aws_guardduty_detector data source will still return a list of all the features.
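
The drift reported in the failing tests, and the per-feature read that the one-resource-per-feature design relies on, modelled as an added Go example (not the provider's code). The types, function names and sample data are hypothetical; the data is constructed from the plan output earlier in this thread, and CLOUD_TRAIL's hidden value is assumed to be true.

```go
package main

import (
	"fmt"
	"sort"
)

// AdditionalConfiguration and Feature model one entry of the feature list as
// it appears in the plan output in this thread. They are hypothetical types
// for this example, not the provider's or the AWS SDK's.
type AdditionalConfiguration struct {
	Name    string
	Enabled bool
}

type Feature struct {
	Name       string
	Enabled    bool
	Additional []AdditionalConfiguration
}

// constructedDetectorFeatures returns sample data built from the plan output:
// what the detector reports after only S3_DATA_EVENTS was configured.
// CLOUD_TRAIL's value is hidden in that output; true is assumed here.
func constructedDetectorFeatures() []Feature {
	return []Feature{
		{Name: "CLOUD_TRAIL", Enabled: true},
		{Name: "DNS_LOGS", Enabled: true},
		{Name: "FLOW_LOGS", Enabled: true},
		{Name: "S3_DATA_EVENTS", Enabled: true},
		{Name: "EKS_AUDIT_LOGS", Enabled: true},
		{Name: "EBS_MALWARE_PROTECTION", Enabled: true},
		{Name: "RDS_LOGIN_EVENTS", Enabled: true},
		{Name: "EKS_RUNTIME_MONITORING", Enabled: false,
			Additional: []AdditionalConfiguration{{Name: "EKS_ADDON_MANAGEMENT", Enabled: false}}},
		{Name: "LAMBDA_NETWORK_LOGS", Enabled: true},
	}
}

// unmanagedFeatures lists features the API returned that the configuration
// never declared. When the whole list is one attribute of the detector, each
// of these shows up as a block in a non-empty plan.
func unmanagedFeatures(configured map[string]bool, returned []Feature) []string {
	var names []string
	for _, f := range returned {
		if _, ok := configured[f.Name]; !ok {
			names = append(names, f.Name)
		}
	}
	sort.Strings(names)
	return names
}

// findFeature reads back a single feature by name and ignores the rest of the
// list, which is what managing one feature per resource requires.
func findFeature(returned []Feature, name string) (Feature, bool) {
	for _, f := range returned {
		if f.Name == name {
			return f, true
		}
	}
	return Feature{}, false
}

// disabledProtections reports every feature or additional configuration that
// is switched off, so defaults nobody declared are still visible in a review.
func disabledProtections(returned []Feature) []string {
	var off []string
	for _, f := range returned {
		if !f.Enabled {
			off = append(off, f.Name)
		}
		for _, ac := range f.Additional {
			if !ac.Enabled {
				off = append(off, f.Name+"/"+ac.Name)
			}
		}
	}
	sort.Strings(off)
	return off
}

func main() {
	returned := constructedDetectorFeatures()
	configured := map[string]bool{"S3_DATA_EVENTS": true}
	fmt.Println("unmanaged:", unmanagedFeatures(configured, returned))
	if f, ok := findFeature(returned, "S3_DATA_EVENTS"); ok {
		fmt.Printf("managed feature %s enabled=%t\n", f.Name, f.Enabled)
	}
	fmt.Println("disabled:", disabledProtections(returned))
}
```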

Contributor

@ewbankkit ewbankkit left a comment


LGTM 🚀.

% make testacc TESTARGS='-run=TestAccGuardDuty_serial/Filter' PKG=guardduty
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/guardduty/... -v -count 1 -parallel 20  -run=TestAccGuardDuty_serial/Filter -timeout 360m
=== RUN   TestAccGuardDuty_serial
=== PAUSE TestAccGuardDuty_serial
=== CONT  TestAccGuardDuty_serial
=== RUN   TestAccGuardDuty_serial/Filter
=== RUN   TestAccGuardDuty_serial/Filter/basic
=== RUN   TestAccGuardDuty_serial/Filter/update
=== RUN   TestAccGuardDuty_serial/Filter/tags
=== RUN   TestAccGuardDuty_serial/Filter/disappears
--- PASS: TestAccGuardDuty_serial (172.71s)
    --- PASS: TestAccGuardDuty_serial/Filter (172.71s)
        --- PASS: TestAccGuardDuty_serial/Filter/basic (49.88s)
        --- PASS: TestAccGuardDuty_serial/Filter/update (38.80s)
        --- PASS: TestAccGuardDuty_serial/Filter/tags (58.11s)
        --- PASS: TestAccGuardDuty_serial/Filter/disappears (25.92s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/guardduty	177.788s
% make testacc TESTARGS='-run=TestAccGuardDuty_serial/^Detector$$/datasource_' PKG=guardduty
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/guardduty/... -v -count 1 -parallel 20  -run=TestAccGuardDuty_serial/^Detector$/datasource_ -timeout 360m
=== RUN   TestAccGuardDuty_serial
=== PAUSE TestAccGuardDuty_serial
=== CONT  TestAccGuardDuty_serial
=== RUN   TestAccGuardDuty_serial/Detector
=== RUN   TestAccGuardDuty_serial/Detector/datasource_basic
=== RUN   TestAccGuardDuty_serial/Detector/datasource_id
--- PASS: TestAccGuardDuty_serial (43.59s)
    --- PASS: TestAccGuardDuty_serial/Detector (43.59s)
        --- PASS: TestAccGuardDuty_serial/Detector/datasource_basic (22.86s)
        --- PASS: TestAccGuardDuty_serial/Detector/datasource_id (20.73s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/guardduty	48.907s
% make testacc TESTARGS='-run=TestAccGuardDuty_serial/DetectorFeature' PKG=guardduty
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/guardduty/... -v -count 1 -parallel 20  -run=TestAccGuardDuty_serial/DetectorFeature -timeout 360m
=== RUN   TestAccGuardDuty_serial
=== PAUSE TestAccGuardDuty_serial
=== CONT  TestAccGuardDuty_serial
=== RUN   TestAccGuardDuty_serial/DetectorFeature
=== RUN   TestAccGuardDuty_serial/DetectorFeature/multiple
=== RUN   TestAccGuardDuty_serial/DetectorFeature/basic
=== RUN   TestAccGuardDuty_serial/DetectorFeature/additional_configuration
--- PASS: TestAccGuardDuty_serial (142.21s)
    --- PASS: TestAccGuardDuty_serial/DetectorFeature (142.21s)
        --- PASS: TestAccGuardDuty_serial/DetectorFeature/multiple (64.97s)
        --- PASS: TestAccGuardDuty_serial/DetectorFeature/basic (21.23s)
        --- PASS: TestAccGuardDuty_serial/DetectorFeature/additional_configuration (56.00s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/guardduty	147.222s
% make testacc TESTARGS='-run=TestAccGuardDuty_serial/^Detector$$' PKG=guardduty
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/guardduty/... -v -count 1 -parallel 20  -run=TestAccGuardDuty_serial/^Detector$ -timeout 360m
=== RUN   TestAccGuardDuty_serial
=== PAUSE TestAccGuardDuty_serial
=== CONT  TestAccGuardDuty_serial
=== RUN   TestAccGuardDuty_serial/Detector
=== RUN   TestAccGuardDuty_serial/Detector/tags
=== RUN   TestAccGuardDuty_serial/Detector/datasource_basic
=== RUN   TestAccGuardDuty_serial/Detector/datasource_id
=== RUN   TestAccGuardDuty_serial/Detector/basic
=== RUN   TestAccGuardDuty_serial/Detector/datasources_s3logs
=== RUN   TestAccGuardDuty_serial/Detector/datasources_kubernetes_audit_logs
=== RUN   TestAccGuardDuty_serial/Detector/datasources_malware_protection
=== RUN   TestAccGuardDuty_serial/Detector/datasources_all
--- PASS: TestAccGuardDuty_serial (370.85s)
    --- PASS: TestAccGuardDuty_serial/Detector (370.85s)
        --- PASS: TestAccGuardDuty_serial/Detector/tags (55.58s)
        --- PASS: TestAccGuardDuty_serial/Detector/datasource_basic (21.83s)
        --- PASS: TestAccGuardDuty_serial/Detector/datasource_id (21.22s)
        --- PASS: TestAccGuardDuty_serial/Detector/basic (78.72s)
        --- PASS: TestAccGuardDuty_serial/Detector/datasources_s3logs (39.46s)
        --- PASS: TestAccGuardDuty_serial/Detector/datasources_kubernetes_audit_logs (39.58s)
        --- PASS: TestAccGuardDuty_serial/Detector/datasources_malware_protection (42.37s)
        --- PASS: TestAccGuardDuty_serial/Detector/datasources_all (72.08s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/guardduty	375.899s

@ewbankkit ewbankkit merged commit d91e495 into hashicorp:main Sep 29, 2023
50 checks passed
@github-actions github-actions bot added this to the v5.20.0 milestone Sep 29, 2023
@ringods ringods deleted the b-aws_guardduty_detector-march2023 branch September 29, 2023 13:28
@github-actions

github-actions bot commented Oct 6, 2023

This functionality has been released in v5.20.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!


github-actions bot commented Nov 6, 2023

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 6, 2023
Labels
documentation Introduces or discusses updates to documentation. enhancement Requests to existing resources that expand the functionality or scope. generators Relates to code generators. new-resource Introduces a new resource. prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. service/guardduty Issues and PRs that pertain to the guardduty service. size/XL Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
5 participants