Merge pull request #25496 from silvaalbert/f-resolver-firewall-config

add data source aws_route53_resolver_firewall_config

Author: ewbankkit

.changelog/25496.txt

@@ -0,0 +1,3 @@
+```release-note:new-data-source
+aws_route53_resolver_firewall_config
+```

internal/provider/provider.go

@@ -846,9 +846,10 @@ func New(_ context.Context) (*schema.Provider, error) {
 			"aws_route53_traffic_policy_document": route53.DataSourceTrafficPolicyDocument(),
 			"aws_route53_zone":                    route53.DataSourceZone(),
 
-			"aws_route53_resolver_endpoint": route53resolver.DataSourceEndpoint(),
-			"aws_route53_resolver_rule":     route53resolver.DataSourceRule(),
-			"aws_route53_resolver_rules":    route53resolver.DataSourceRules(),
+			"aws_route53_resolver_endpoint":        route53resolver.DataSourceEndpoint(),
+			"aws_route53_resolver_firewall_config": route53resolver.DataSourceFirewallConfig(),
+			"aws_route53_resolver_rule":            route53resolver.DataSourceRule(),
+			"aws_route53_resolver_rules":           route53resolver.DataSourceRules(),
 
 			"aws_canonical_user_id": s3.DataSourceCanonicalUserID(),
 			"aws_s3_bucket":         s3.DataSourceBucket(),

internal/service/route53resolver/firewall_config_data_source.go

@@ -0,0 +1,54 @@
+package route53resolver
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/route53resolver"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+)
+
+func DataSourceFirewallConfig() *schema.Resource {
+	return &schema.Resource{
+		ReadWithoutTimeout: dataSourceFirewallConfigRead,
+
+		Schema: map[string]*schema.Schema{
+			"firewall_fail_open": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"owner_id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"resource_id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+		},
+	}
+}
+
+func dataSourceFirewallConfigRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	conn := meta.(*conns.AWSClient).Route53ResolverConn
+
+	input := &route53resolver.GetFirewallConfigInput{
+		ResourceId: aws.String(d.Get("resource_id").(string)),
+	}
+
+	output, err := conn.GetFirewallConfigWithContext(ctx, input)
+
+	if err != nil {
+		return diag.Errorf("reading Route53 Resolver Firewall Config: %s", err)
+	}
+
+	firewallConfig := output.FirewallConfig
+	d.SetId(aws.StringValue(firewallConfig.Id))
+	d.Set("firewall_fail_open", firewallConfig.FirewallFailOpen)
+	d.Set("owner_id", firewallConfig.OwnerId)
+	d.Set("resource_id", firewallConfig.ResourceId)
+
+	return nil
+}

internal/service/route53resolver/firewall_config_data_source_test.go

@@ -0,0 +1,56 @@
+package route53resolver_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/service/route53resolver"
+	sdkacctest "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+)
+
+func TestAccRoute53ResolverFirewallConfigDataSource_basic(t *testing.T) {
+	dataSourceName := "data.aws_route53_resolver_firewall_config.test"
+	resourceName := "aws_route53_resolver_firewall_config.test"
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(t); testAccPreCheck(t) },
+		ErrorCheck:               acctest.ErrorCheck(t, route53resolver.EndpointsID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccFirewallConfigDataSourceConfig_basic(rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrPair(dataSourceName, "firewall_fail_open", resourceName, "firewall_fail_open"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "owner_id", resourceName, "owner_id"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "resource_id", resourceName, "resource_id"),
+				),
+			},
+		},
+	})
+}
+
+func testAccFirewallConfigDataSourceConfig_basic(rName string) string {
+	return fmt.Sprintf(`
+resource "aws_vpc" "test" {
+  cidr_block           = "10.0.0.0/16"
+  enable_dns_support   = true
+  enable_dns_hostnames = true
+
+  tags = {
+    Name = %[1]q
+  }
+}
+
+resource "aws_route53_resolver_firewall_config" "test" {
+  resource_id        = aws_vpc.test.id
+  firewall_fail_open = "ENABLED"
+}
+
+data "aws_route53_resolver_firewall_config" "test" {
+  resource_id = aws_vpc.test.id
+}
+`, rName)
+}

website/docs/d/route53_resolver_firewall_config.html.markdown

@@ -0,0 +1,33 @@
+---
+subcategory: "Route 53 Resolver"
+layout: "aws"
+page_title: "AWS: aws_route53_resolver_firewall_config"
+description: |-
+    Provides details about a specific a Route 53 Resolver DNS Firewall config.
+---
+
+# Data Source: aws_route53_resolver_firewall_config
+
+`aws_route53_resolver_firewall_config` provides details about a specific a Route 53 Resolver DNS Firewall config.
+
+This data source allows to find a details about a specific a Route 53 Resolver DNS Firewall config.
+
+## Example Usage
+
+The following example shows how to get a firewall config using the VPC ID.
+
+```terraform
+data "aws_route53_resolver_firewall_config" "example" {
+  resource_id = "vpc-exampleid"
+}
+```
+
+## Argument Reference
+
+* `resource_id` - (Required) The ID of the VPC from Amazon VPC that the configuration is for.
+
+The following attribute is additionally exported:
+
+* `firewall_fail_open` - Determines how DNS Firewall operates during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply.
+* `id` - The ID of the firewall configuration.
+* `owner_id` - The Amazon Web Services account ID of the owner of the VPC that this firewall configuration applies to.