feature(config): manage AWS Config Remediation Configuration

[andy-b-84]

Answering #7972
This is my 1st go development ever, so please feel free to tell me if I
did something in a bad way, which is most probable :)

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

Fixes #7972

Release note for CHANGELOG:

Add support for AWS Config Remediation Configuration objects

Output from acceptance testing: (ran on a docker container with image golang:1.12.9-buster )

root@b12d15607224:/src# make testacc TESTARGS='-run=TestAccXXX'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./... -v -parallel 20 -run=TestAccXXX -timeout 120m
?       github.com/terraform-providers/terraform-provider-aws   [no test files]
testing: warning: no tests to run
PASS
ok      github.com/terraform-providers/terraform-provider-aws/aws       0.046s [no tests to run]
...

[andy-b-84]

I'm starting to write acceptance tests ATM (and just saw Travis' failure, which I will fix ASAP)

[andy-b-84]

I've read through https://github.com/terraform-providers/terraform-provider-aws/blob/master/.github/CONTRIBUTING.md#common-review-items , and aside from points Uses AWS Go SDK Constants & Uses TypeList and MaxItems: 1 , I think I got all of them right.
Thus I delete the [WIP] flag and go on for validation.

[andy-b-84]

Note for the maintainers :
I messed up something in my go environment, I cannot run the tests on my machine anymore, neither with the make test command nor the go test command. If you could launch the make testacc TESTARGS='-run=TestAccXXX' you're talking about in the PR template, please, that would be great.

[andy-b-84]

(force pushed because of a rebase on upstream)

[andy-b-84]

I see you just added the code to support Organizations in AWS Config, @bflad .
Do you have any advice on my PR, or could you please paste the "Output from acceptance testing", as I cannot run this command on my computer?

[bflad]

Hey @andy-b-84 👋 Thank you for contributing this! We will certainly want to get support for this new resource added at some point.

I can provide you a quick review (a few minutes behind this comment) and potentially try and help troubleshoot your local Go environment here, but unfortunately at this time the maintainers are pretty backlogged. We would prefer that contributors can appropriately run their own acceptance testing if possible as it saves a lot of small back-and-forth GitHub interactions for troubleshooting and reviews. 😅 We can certainly try to answer specific questions when time permits though.

It would be super helpful to know what operating system you are using, how Go was installed, which version of Go, and what errors you are seeing when running make test (these need to be fixed first) and make testacc.

For general assistance just beyond folks who may be able to help you on GitHub here, there are also other potentially helpful resources for Terraform Provider/Go development including the community forums or Slack workspaces such as the Gophers Slack.

[bflad]

Hi @andy-b-84 👋 As promised, here is an initial review of the submitted code. Please reach out with any questions or if you do not have time to implement the feedback items.

Please also let us know about your testing issues or if you would prefer to discuss them in another forum. Thanks.

[andy-b-84]

Thanks for the extensive review and proposed help for my dev environment @bflad , and sorry to answer only now : as you may have guessed I was on vacation :)
I'm going to go through all of this ASAP.

[andy-b-84]

I started a thread on gophers#newbies : https://gophers.slack.com/archives/C02A8LZKT/p1566895456146900 in order to get help getting my environment working.

[andy-b-84]

I'd like to add terraform-providers/aws-provider as a reviewer, but I don't have the Add reviewer button on top of the reviewers list

[shannonrdunn]

What happened with this? Would love to see this implemented.

[sleerssen]

Would love to see this in a release.

[giuliocalzolari]

Would awesome to have this feature

[gdavison]

Hi @andy-b-84, thanks for the contribution! And thanks for your patience with our delay in getting back to you.

In the time since you made the PR, we've changed a number of things internally in our code. One major change is that the schema and resource definitions have move to their own SDK. The best approach would be to rebase your code onto the current provider and use the updated plugin SDK.

I've made a number of other suggestions if you want to continue working on this or if you'd like us to complete it. If not, we understand. Let us know in a reply here. I'll check back by 24 June

[gdavison]

We prefer that the resource schema function (i.e. resourceAwsConfigRemediationConfiguration()) is at the top of the file

[gdavison]

We prefer named constants for timeout values

[gdavison]

We've started adding one last try after resource.Retry() in case of a timeout.

if isResourceTimeoutError(err) {
	_, err = conn.PutRemediationConfigurations(&input)
}

[gdavison]

We've separated the resource and schema functions into their own package, github.com/hashicorp/terraform-plugin-sdk/helper/*. Please update to use those packages.

[gdavison]

This could be inlined, something like

results[staticValue["key"]] = &configservice.RemediationParameterValue{
    StaticValue: &configservice.StaticValue{
        Values: []*string{aws.String(staticValue["value"])},
    },
}

[gdavison]

Since this field only accepts a specific list of values, we should list the valid values. In this case, there's only one valid value, so it could read "The only current valid value is SSM_DOCUMENT"

[gdavison]

We should add an entry for parameters here at the top level, and have a description like "Up to 25 parameter blocks. Parameters are documented below."

[gdavison]

This heading should read "A parameters block supports the following arguments:"

[gdavison]

For examples in the documentation, it's better for them to be short so that the essential parts are more obvious. In this case, we'd be ok to remove the IAM resources, or possibly leave the definition but remove the attributes. It does have the trade-off that these long examples aren't executable as-is.

[gdavison]

If we set the config_rule_name of the remediation to the name valueof the rule, then we can get the built-in Terraform dependency management without usingdepends_on`

[mikeokner]

I'm open to picking up the torch if necessary here.

[cgetzen]

Hello. I had to get this rolling quick for my org. This is rebased and added too. This is everything squashed (I figured there may be an issue with signing Andy's rebased commits with my key).

Feel free to merge either, or cherry-pick changes over to this PR, or just use my changes as refs. Thank you and looking forward to easily creating remediation configs :)

[gdavison]

This work was completed in #13884. Thanks, @andy-b-84 and @cgetzen!

[ghost]

This has been released in version 3.7.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!