[Bug]: FMS policy does not support multiple tags with same key but different value due to map type #41201

Open
wites342 opened this issue Feb 3, 2025 · 1 comment
Labels
bug Addresses a defect in current functionality. service/fms Issues and PRs that pertain to the fms service.

wites342 commented Feb 3, 2025

Terraform Core Version

v1.10.5

AWS Provider Version

v5.84.0

Affected Resource(s)

aws_fms_policy

Terraform Configuration Files

resource "aws_fms_policy" "default" {
  name                               = "test-policy"
  exclude_resource_tags              = false
  remediation_enabled                = true
  delete_unused_fm_managed_resources = true
  resource_type_list                 = ["AWS::ElasticLoadBalancingV2::LoadBalancer"]
  resource_tags                      = {
    waf = "x1",
    waf = "x2",
    waf = "x3"
  }


  security_service_policy_data {
    type = "WAFV2"

    managed_service_data = jsonencode({
      type                                    = "WAFV2"
      sampledRequestsEnabledForDefaultActions = null
      preProcessRuleGroups                    = [{
        ruleGroupArn   = null
        ruleGroupType  = "ManagedRuleGroup"
        overrideAction = {
          type = "NONE"
        }
        managedRuleGroupIdentifier = {
          vendorName           = "AWS"
          managedRuleGroupName = "AWSManagedRulesAmazonIpReputationList"
          version              = null
          versionEnabled       = null
        }
        sampledRequestsEnabled = null
        excludeRules           = null
      }]
      postProcessRuleGroups                   = []
      defaultAction = {
        type = "Allow"
      }
      overrideCustomerWebACLAssociation = false
      loggingConfiguration = {
        logDestinationConfigs = null
        loggingFilterConfigs  = null
        redactedFields        = []
      }
    })
  }



  tags = {
    Name = "test-policy"
  }
}

Expected Behavior

I was expecting all defined resource_tags to be listed, duplicates included.

Actual Behavior

It only lists the last value of the given tag key in the map and omits all previous ones.

Steps to Reproduce

Run terraform plan with the given Terraform configuration.

Important Factoids

Terraform plan:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_fms_policy.default will be created
  + resource "aws_fms_policy" "default" {
      + arn                                = (known after apply)
      + delete_all_policy_resources        = true
      + delete_unused_fm_managed_resources = true
      + exclude_resource_tags              = false
      + id                                 = (known after apply)
      + name                               = "test-policy"
      + policy_update_token                = (known after apply)
      + remediation_enabled                = true
      + resource_tags                      = {
          + "waf" = "x3"
        }
      + resource_type                      = (known after apply)
      + resource_type_list                 = [
          + "AWS::ElasticLoadBalancingV2::LoadBalancer",
        ]
      + tags                               = {
          + "Name" = "test-policy"
        }
      + tags_all                           = {
          + "Name" = "test-policy"
        }

      + security_service_policy_data {
          + managed_service_data = jsonencode(
                {
                  + defaultAction                           = {
                      + type = "Allow"
                    }
                  + loggingConfiguration                    = {
                      + logDestinationConfigs = null
                      + loggingFilterConfigs  = null
                      + redactedFields        = []
                    }
                  + overrideCustomerWebACLAssociation       = false
                  + postProcessRuleGroups                   = []
                  + preProcessRuleGroups                    = [
                      + {
                          + excludeRules               = null
                          + managedRuleGroupIdentifier = {
                              + managedRuleGroupName = "AWSManagedRulesAmazonIpReputationList"
                              + vendorName           = "AWS"
                              + version              = null
                              + versionEnabled       = null
                            }
                          + overrideAction             = {
                              + type = "NONE"
                            }
                          + ruleGroupArn               = null
                          + ruleGroupType              = "ManagedRuleGroup"
                          + sampledRequestsEnabled     = null
                        },
                    ]
                  + sampledRequestsEnabledForDefaultActions = null
                  + type                                    = "WAFV2"
                }
            )
          + type                 = "WAFV2"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

References

Already mentioned in #25880 but closed

Would you like to implement a fix?

None
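
A pre-plan check for the silent collapse reported above, as an added example that is not part of the original issue or the provider's code: it scans Terraform source for a flat map literal assigned to `resource_tags` and reports keys set more than once, since the plan keeps only the last value and the policy scope ends up narrower than written. The regex parsing, the function names and the sample text are assumptions made for this illustration; it handles only flat string-valued maps like the one in the issue.

```python
import re
from collections import defaultdict

# Constructed sample mirroring the resource_tags block from the issue.
SAMPLE_TF = '''
resource "aws_fms_policy" "default" {
  name          = "test-policy"
  resource_tags = {
    waf = "x1",
    waf = "x2",
    waf = "x3"
  }
  tags = {
    Name = "test-policy"
  }
}
'''

# `<attr> = { ... }` for a flat map literal (no nested braces).
MAP_RE = re.compile(r'^\s*(?P<attr>\w+)\s*=\s*\{(?P<body>[^{}]*)\}', re.M)
# `key = "value"` or `"key" = "value"` entries inside the map body.
ENTRY_RE = re.compile(r'"?(?P<key>[\w.:/+@-]+)"?\s*=\s*"(?P<val>[^"]*)"')


def duplicate_map_keys(source, attrs=("resource_tags",)):
    """Return {attr: {key: [values in source order]}} for repeated keys.

    As the plan in the issue shows, only the last value per key survives.
    """
    findings = {}
    for m in MAP_RE.finditer(source):
        if m.group("attr") not in attrs:
            continue
        seen = defaultdict(list)
        for e in ENTRY_RE.finditer(m.group("body")):
            seen[e.group("key")].append(e.group("val"))
        dupes = {k: v for k, v in seen.items() if len(v) > 1}
        if dupes:
            findings[m.group("attr")] = dupes
    return findings


def effective_map(values):
    """The map that reaches the plan: last value wins for each key."""
    return {k: v[-1] for k, v in values.items()}


if __name__ == "__main__":
    print(duplicate_map_keys(SAMPLE_TF))
```

Run in CI before `terraform plan`, a non-empty result flags tag values that would be dropped from the policy scope without any error.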

@wites342 wites342 added the bug Addresses a defect in current functionality. label Feb 3, 2025

github-actions bot commented Feb 3, 2025

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@github-actions github-actions bot added service/fms Issues and PRs that pertain to the fms service. needs-triage Waiting for first response or review from a maintainer. labels Feb 3, 2025
@justinretzolk justinretzolk removed the needs-triage Waiting for first response or review from a maintainer. label Feb 3, 2025