resource/aws_networkfirewall_rule_group: mandatory params are optional in the code and documentation #16470

Closed
toddlers opened this issue Nov 27, 2020 · 3 comments · Fixed by #16528
Labels
bug Addresses a defect in current functionality. documentation Introduces or discusses updates to documentation. good first issue Call to action for new contributors looking for a place to start. Smaller or straightforward issues. service/networkfirewall Issues and PRs that pertain to the networkfirewall service.

@toddlers

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

terraform  --version
Terraform v0.13.5
+ provider registry.terraform.io/hashicorp/aws v3.18.0

Affected Resource(s)

  • aws_networkfirewall_rule_group

Terraform Configuration Files

resource "aws_networkfirewall_rule_group" "deny-http" {
  capacity = 100
  name     = "deny-http"
  type     = "STATEFUL"
  rule_group {
    rules_source {
      stateful_rule {
        action = "DROP"
        header {
          direction        = "ANY"
        }
        rule_option {
          keyword = "sid:1"
        }
      }
    }
  }

  tags = {
    "Name" = "deny-http"
  }
}

Debug Output

https://gist.github.com/toddlers/e09c6432d7ed4c283336b08cdbe7cc47

Expected Behavior

According to the AWS Network Firewall API Reference[1], they are mandatory params.

Actual Behavior

As per the docs[2] and code[3], they are optional, but according to the AWS Network Firewall API Reference[1] they actually are not.

Steps to Reproduce

  1. terraform apply

Error while applying

Error: error creating NetworkFirewall Rule Group deny-http: InvalidParameter: 5 validation error(s) found.
- missing required field, CreateRuleGroupInput.RuleGroup.RulesSource.StatefulRules[0].Header.Destination.
- missing required field, CreateRuleGroupInput.RuleGroup.RulesSource.StatefulRules[0].Header.DestinationPort.
- missing required field, CreateRuleGroupInput.RuleGroup.RulesSource.StatefulRules[0].Header.Protocol.
- missing required field, CreateRuleGroupInput.RuleGroup.RulesSource.StatefulRules[0].Header.Source.
- missing required field, CreateRuleGroupInput.RuleGroup.RulesSource.StatefulRules[0].Header.SourcePort.



2020-11-27T21:19:38.301+0100 [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2020-11-27T21:19:38.304+0100 [DEBUG] plugin: plugin process exited: path=.terraform/plugins/registry.terraform.io/hashicorp/aws/3.18.0/darwin_amd64/terraform-provider-aws_v3.18.0_x5 pid=61789
2020-11-27T21:19:38.304+0100 [DEBUG] plugin: plugin exited

References

[1] https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_Header.html#networkfirewall-Type-Header-Destination
[2] https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkfirewall_rule_group#header
[3] https://github.com/hashicorp/terraform-provider-aws/blob/master/aws/resource_aws_networkfirewall_rule_group.go
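
For comparison with the configuration in the report, here is the same rule group with all five header fields named in the validation error filled in. This is an added example, not part of the original issue or the provider's documentation; the values "ANY" and "HTTP" are assumptions chosen to match the rule's name and should be replaced with the addresses, ports and protocol the rule is meant to match.

```hcl
resource "aws_networkfirewall_rule_group" "deny-http" {
  capacity = 100
  name     = "deny-http"
  type     = "STATEFUL"
  rule_group {
    rules_source {
      stateful_rule {
        action = "DROP"
        header {
          # The API rejects the request unless all of these are set
          # (Destination, DestinationPort, Protocol, Source, SourcePort).
          destination      = "ANY"  # assumed: match any destination address
          destination_port = "ANY"  # assumed: match any destination port
          direction        = "ANY"
          protocol         = "HTTP" # assumed from the rule name "deny-http"
          source           = "ANY"  # assumed: match any source address
          source_port      = "ANY"  # assumed: match any source port
        }
        rule_option {
          keyword = "sid:1"
        }
      }
    }
  }

  tags = {
    "Name" = "deny-http"
  }
}
```

A stateful DROP rule with "ANY" for every address and port blocks all traffic of the chosen protocol, so narrow `source` and `destination` to CIDR ranges where the rule should be scoped.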

@ghost ghost added the service/networkfirewall Issues and PRs that pertain to the networkfirewall service. label Nov 27, 2020
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Nov 27, 2020
@anGie44 anGie44 added documentation Introduces or discusses updates to documentation. good first issue Call to action for new contributors looking for a place to start. Smaller or straightforward issues. bug Addresses a defect in current functionality. and removed needs-triage Waiting for first response or review from a maintainer. labels Nov 30, 2020
@anGie44 anGie44 added this to the v3.20.0 milestone Dec 2, 2020
@anGie44
Contributor

anGie44 commented Dec 2, 2020

Hi @toddlers, the documentation and schema changes have been merged and will release with v3.20.0 of the Terraform AWS Provider.

@ghost

ghost commented Dec 3, 2020

This has been released in version 3.20.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

@ghost

ghost commented Jan 1, 2021

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Jan 1, 2021