r/aws_fms_policy - add description

.changelog/29926.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_fms_policy: Add `description` argument
+```

internal/service/fms/policy.go

@@ -50,6 +50,10 @@ func ResourcePolicy() *schema.Resource {
 				Optional: true,
 				Default:  false,
 			},
+			"description": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
 			"exclude_resource_tags": {
 				Type:     schema.TypeBool,
 				Required: true,
@@ -295,21 +299,26 @@ func FindPolicyByID(ctx context.Context, conn *fms.FMS, id string) (*fms.GetPoli
 func resourcePolicyFlattenPolicy(d *schema.ResourceData, resp *fms.GetPolicyOutput) error {
 	d.Set("arn", resp.PolicyArn)
 
-	d.Set("name", resp.Policy.PolicyName)
+	d.Set("delete_unused_fm_managed_resources", resp.Policy.DeleteUnusedFMManagedResources)
+	d.Set("description", resp.Policy.PolicyDescription)
 	d.Set("exclude_resource_tags", resp.Policy.ExcludeResourceTags)
+	d.Set("name", resp.Policy.PolicyName)
+	d.Set("policy_update_token", resp.Policy.PolicyUpdateToken)
+	d.Set("remediation_enabled", resp.Policy.RemediationEnabled)
+	d.Set("resource_type", resp.Policy.ResourceType)
+
 	if err := d.Set("exclude_map", flattenPolicyMap(resp.Policy.ExcludeMap)); err != nil {
 		return fmt.Errorf("setting exclude_map: %w", err)
 	}
+
 	if err := d.Set("include_map", flattenPolicyMap(resp.Policy.IncludeMap)); err != nil {
 		return fmt.Errorf("setting include_map: %w", err)
 	}
-	d.Set("remediation_enabled", resp.Policy.RemediationEnabled)
+
 	if err := d.Set("resource_type_list", resp.Policy.ResourceTypeList); err != nil {
 		return fmt.Errorf("setting resource_type_list: %w", err)
 	}
-	d.Set("delete_unused_fm_managed_resources", resp.Policy.DeleteUnusedFMManagedResources)
-	d.Set("resource_type", resp.Policy.ResourceType)
-	d.Set("policy_update_token", resp.Policy.PolicyUpdateToken)
+
 	if err := d.Set("resource_tags", flattenResourceTags(resp.Policy.ResourceTags)); err != nil {
 		return fmt.Errorf("setting resource_tags: %w", err)
 	}
@@ -318,6 +327,7 @@ func resourcePolicyFlattenPolicy(d *schema.ResourceData, resp *fms.GetPolicyOutp
 		"type":                 *resp.Policy.SecurityServicePolicyData.Type,
 		"managed_service_data": *resp.Policy.SecurityServicePolicyData.ManagedServiceData,
 	}}
+
 	if err := d.Set("security_service_policy_data", securityServicePolicy); err != nil {
 		return fmt.Errorf("setting security_service_policy_data: %w", err)
 	}
@@ -333,12 +343,13 @@ func resourcePolicyExpandPolicy(d *schema.ResourceData) *fms.Policy {
 	}
 
 	fmsPolicy := &fms.Policy{
+		DeleteUnusedFMManagedResources: aws.Bool(d.Get("delete_unused_fm_managed_resources").(bool)),
+		ExcludeResourceTags:            aws.Bool(d.Get("exclude_resource_tags").(bool)),
+		PolicyDescription:              aws.String(d.Get("description").(string)),
 		PolicyName:                     aws.String(d.Get("name").(string)),
 		RemediationEnabled:             aws.Bool(d.Get("remediation_enabled").(bool)),
 		ResourceType:                   resourceType,
 		ResourceTypeList:               resourceTypeList,
-		ExcludeResourceTags:            aws.Bool(d.Get("exclude_resource_tags").(bool)),
-		DeleteUnusedFMManagedResources: aws.Bool(d.Get("delete_unused_fm_managed_resources").(bool)),
 	}
 
 	if d.Id() != "" {

internal/service/fms/policy_test.go

@@ -37,6 +37,7 @@ func testAccPolicy_basic(t *testing.T) {
 					testAccCheckPolicyExists(ctx, resourceName),
 					acctest.CheckResourceAttrRegionalARNIgnoreRegionAndAccount(resourceName, "arn", "fms", "policy/.+"),
 					resource.TestCheckResourceAttr(resourceName, "delete_unused_fm_managed_resources", "false"),
+					resource.TestCheckResourceAttr(resourceName, "description", "test description"),
 					resource.TestCheckResourceAttr(resourceName, "name", rName),
 					resource.TestCheckResourceAttr(resourceName, "security_service_policy_data.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "tags.%", "0"),
@@ -284,6 +285,7 @@ func testAccPolicyConfig_basic(policyName, ruleGroupName string) string {
 resource "aws_fms_policy" "test" {
   exclude_resource_tags = false
   name                  = %[1]q
+  description           = "test description"
   remediation_enabled   = false
   resource_type_list    = ["AWS::ElasticLoadBalancingV2::LoadBalancer"]
 

website/docs/r/fms_policy.html.markdown

@@ -55,6 +55,7 @@ The following arguments are supported:
 * `name` - (Required, Forces new resource) The friendly name of the AWS Firewall Manager Policy.
 * `delete_all_policy_resources` - (Optional) If true, the request will also perform a clean-up process. Defaults to `true`. More information can be found here [AWS Firewall Manager delete policy](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_DeletePolicy.html)
 * `delete_unused_fm_managed_resources` - (Optional) If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to `false`. More information can be found here [AWS Firewall Manager policy contents](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_Policy.html)
+* `description` - (Optional) The definition of the AWS Network Firewall firewall policy.
 * `exclude_map` - (Optional) A map of lists of accounts and OU's to exclude from the policy.
 * `exclude_resource_tags` - (Required, Forces new resource) A boolean value, if true the tags that are specified in the `resource_tags` are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy.
 * `include_map` - (Optional) A map of lists of accounts and OU's to include in the policy.