changed aws_guardduty_feature additional_configuration from list to set

joelmccoy · joelmccoy · commit 4c458a3cc50d · 2024-04-19T12:54:40.000-05:00
diff --git a/.changelog/36985.txt b/.changelog/36985.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/guardduty_detector_feature: Fixed the additional_configuration block to ignore ordering
+```
diff --git a/internal/service/guardduty/detector_feature.go b/internal/service/guardduty/detector_feature.go
@@ -31,14 +31,12 @@ func ResourceDetectorFeature() *schema.Resource {
 		Schema: map[string]*schema.Schema{
 			"additional_configuration": {
 				Optional: true,
-				ForceNew: true,
-				Type:     schema.TypeList,
+				Type:     schema.TypeSet,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"name": {
 							Type:         schema.TypeString,
 							Required:     true,
-							ForceNew:     true,
 							ValidateFunc: validation.StringInSlice(guardduty.FeatureAdditionalConfiguration_Values(), false),
 						},
 						"status": {
@@ -79,8 +77,8 @@ func resourceDetectorFeaturePut(ctx context.Context, d *schema.ResourceData, met
 		Status: aws.String(d.Get("status").(string)),
 	}
 
-	if v, ok := d.GetOk("additional_configuration"); ok && len(v.([]interface{})) > 0 {
-		feature.AdditionalConfiguration = expandDetectorAdditionalConfigurations(v.([]interface{}))
+	if v, ok := d.GetOk("additional_configuration"); ok && v.(*schema.Set).Len() > 0 {
+		feature.AdditionalConfiguration = expandDetectorAdditionalConfigurations(v.(*schema.Set).List())
 	}
 
 	input := &guardduty.UpdateDetectorInput{
diff --git a/internal/service/guardduty/detector_feature_test.go b/internal/service/guardduty/detector_feature_test.go
@@ -9,6 +9,7 @@ import (
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/plancheck"
 	"github.com/hashicorp/terraform-plugin-testing/terraform"
 	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
@@ -93,6 +94,55 @@ func testAccDetectorFeature_additionalConfiguration(t *testing.T) {
 	})
 }
 
+func testAccDetectorFeature_additionalConfigurationOrder(t *testing.T) {
+	ctx := acctest.Context(t)
+	resourceName := "aws_guardduty_detector_feature.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			testAccPreCheckDetectorNotExists(ctx, t)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.GuardDutyServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             acctest.CheckDestroyNoop,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDetectorFeatureConfig_additionalConfiguration_multiple([]string{"EKS_ADDON_MANAGEMENT", "EC2_AGENT_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT"}),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckDetectorFeatureExists(ctx, resourceName),
+					resource.TestCheckResourceAttr(resourceName, "additional_configuration.#", "3"),
+					resource.TestCheckTypeSetElemNestedAttrs(resourceName, "additional_configuration.*",
+						map[string]string{"name": "EKS_ADDON_MANAGEMENT", "status": "ENABLED"}),
+					resource.TestCheckTypeSetElemNestedAttrs(resourceName, "additional_configuration.*",
+						map[string]string{"name": "EC2_AGENT_MANAGEMENT", "status": "ENABLED"}),
+					resource.TestCheckTypeSetElemNestedAttrs(resourceName, "additional_configuration.*",
+						map[string]string{"name": "ECS_FARGATE_AGENT_MANAGEMENT", "status": "ENABLED"}),
+				),
+			},
+			{
+				// Change the order of the additional_configuration blocks and ensure that there is an empty plan
+				Config: testAccDetectorFeatureConfig_additionalConfiguration_multiple([]string{"EC2_AGENT_MANAGEMENT", "ECS_FARGATE_AGENT_MANAGEMENT", "EKS_ADDON_MANAGEMENT"}),
+				ConfigPlanChecks: resource.ConfigPlanChecks{
+					PreApply: []plancheck.PlanCheck{
+						plancheck.ExpectEmptyPlan(),
+					},
+				},
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckDetectorFeatureExists(ctx, resourceName),
+					resource.TestCheckResourceAttr(resourceName, "additional_configuration.#", "3"),
+					resource.TestCheckTypeSetElemNestedAttrs(resourceName, "additional_configuration.*",
+						map[string]string{"name": "EKS_ADDON_MANAGEMENT", "status": "ENABLED"}),
+					resource.TestCheckTypeSetElemNestedAttrs(resourceName, "additional_configuration.*",
+						map[string]string{"name": "EC2_AGENT_MANAGEMENT", "status": "ENABLED"}),
+					resource.TestCheckTypeSetElemNestedAttrs(resourceName, "additional_configuration.*",
+						map[string]string{"name": "ECS_FARGATE_AGENT_MANAGEMENT", "status": "ENABLED"}),
+				),
+			},
+		},
+	})
+}
+
 func testAccDetectorFeature_multiple(t *testing.T) {
 	ctx := acctest.Context(t)
 	resource1Name := "aws_guardduty_detector_feature.test1"
@@ -211,6 +261,35 @@ resource "aws_guardduty_detector_feature" "test" {
 `, featureStatus, additionalConfigurationStatus)
 }
 
+func testAccDetectorFeatureConfig_additionalConfiguration_multiple(configNames []string) string {
+	return fmt.Sprintf(`
+resource "aws_guardduty_detector" "test" {
+  enable = true
+}
+
+resource "aws_guardduty_detector_feature" "test" {
+  detector_id = aws_guardduty_detector.test.id
+  name        = "RUNTIME_MONITORING"
+  status      = "ENABLED" 
+
+  additional_configuration {
+    name   = %[1]q
+    status = "ENABLED"
+  }
+
+  additional_configuration {
+    name   = %[2]q
+    status = "ENABLED"
+  }
+
+  additional_configuration {
+    name   = %[3]q
+    status = "ENABLED"
+  }
+}
+`, configNames[0], configNames[1], configNames[2])
+}
+
 func testAccDetectorFeatureConfig_multiple(status1, status2, status3 string) string {
 	return fmt.Sprintf(`
 resource "aws_guardduty_detector" "test" {
diff --git a/internal/service/guardduty/guardduty_test.go b/internal/service/guardduty/guardduty_test.go
@@ -29,9 +29,10 @@ func TestAccGuardDuty_serial(t *testing.T) {
 			"datasource_id":                     testAccDetectorDataSource_ID,
 		},
 		"DetectorFeature": {
-			"basic":                    testAccDetectorFeature_basic,
-			"additional_configuration": testAccDetectorFeature_additionalConfiguration,
-			"multiple":                 testAccDetectorFeature_multiple,
+			"basic":                          testAccDetectorFeature_basic,
+			"additional_configuration":       testAccDetectorFeature_additionalConfiguration,
+			"additional_configuration_order": testAccDetectorFeature_additionalConfigurationOrder,
+			"multiple":                       testAccDetectorFeature_multiple,
 		},
 		"Filter": {
 			"basic":      testAccFilter_basic,

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+```release-note:bug
	`2`	`+resource/guardduty_detector_feature: Fixed the additional_configuration block to ignore ordering`
	`3`	+```