Skip to content

resource/aws_wafv2_web_acl_logging_configuration: Fix redacted_fields removal not detected#47409

Open
kyama0 wants to merge 2 commits intohashicorp:mainfrom
kyama0:b-wafv2-web-acl-logging-redacted-fields-removal
Open

resource/aws_wafv2_web_acl_logging_configuration: Fix redacted_fields removal not detected#47409
kyama0 wants to merge 2 commits intohashicorp:mainfrom
kyama0:b-wafv2-web-acl-logging-redacted-fields-removal

Conversation

@kyama0
Copy link
Copy Markdown

@kyama0 kyama0 commented Apr 12, 2026
edited
Loading

Rollback Plan

If a change needs to be reverted, we will publish an updated version of the library.

Changes to Security Controls

No changes to security controls in this pull request.

Description

When removing all redacted_fields blocks from aws_wafv2_web_acl_logging_configuration, Terraform did not detect the change and the redacted fields remained on the WAF.

This was caused by d.GetChange() returning stale data on the "new" side for nested TypeList attributes during DiffSuppressFunc evaluation, causing the Set comparison to incorrectly report no diff.

The fix detects full removal using the raw DiffSuppressFunc parameters (k, old, new) instead of relying on d.GetChange().

Relations

Closes #41778

Output from Acceptance Testing

% make testacc TESTS='TestAccWAFV2WebACLLoggingConfiguration_.*[Rr]edacted' PKG=wafv2
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
make: Running acceptance tests on branch: 🌿 b-wafv2-web-acl-logging-redacted-fields-removal 🌿...
TF_ACC=1 go1.25.9 test ./internal/service/wafv2/... -v -count 1 -parallel 20 -run='TestAccWAFV2WebACLLoggingConfiguration_.*[Rr]edacted'  -timeout 360m -vet=off
2026/04/12 10:50:28 Creating Terraform AWS Provider (SDKv2-style)...
2026/04/12 10:50:28 Initializing Terraform AWS Provider (SDKv2-style)...
=== RUN   TestAccWAFV2WebACLLoggingConfiguration_updateSingleHeaderRedactedField
=== PAUSE TestAccWAFV2WebACLLoggingConfiguration_updateSingleHeaderRedactedField
=== RUN   TestAccWAFV2WebACLLoggingConfiguration_updateMethodRedactedField
=== PAUSE TestAccWAFV2WebACLLoggingConfiguration_updateMethodRedactedField
=== RUN   TestAccWAFV2WebACLLoggingConfiguration_updateQueryStringRedactedField
=== PAUSE TestAccWAFV2WebACLLoggingConfiguration_updateQueryStringRedactedField
=== RUN   TestAccWAFV2WebACLLoggingConfiguration_updateURIPathRedactedField
=== PAUSE TestAccWAFV2WebACLLoggingConfiguration_updateURIPathRedactedField
=== RUN   TestAccWAFV2WebACLLoggingConfiguration_updateMultipleRedactedFields
=== PAUSE TestAccWAFV2WebACLLoggingConfiguration_updateMultipleRedactedFields
=== RUN   TestAccWAFV2WebACLLoggingConfiguration_emptyRedactedFields
=== PAUSE TestAccWAFV2WebACLLoggingConfiguration_emptyRedactedFields
=== RUN   TestAccWAFV2WebACLLoggingConfiguration_updateEmptyRedactedFields
=== PAUSE TestAccWAFV2WebACLLoggingConfiguration_updateEmptyRedactedFields
=== RUN   TestAccWAFV2WebACLLoggingConfiguration_removeRedactedFields
=== PAUSE TestAccWAFV2WebACLLoggingConfiguration_removeRedactedFields
=== CONT  TestAccWAFV2WebACLLoggingConfiguration_updateSingleHeaderRedactedField
=== CONT  TestAccWAFV2WebACLLoggingConfiguration_updateMultipleRedactedFields
=== CONT  TestAccWAFV2WebACLLoggingConfiguration_removeRedactedFields
=== CONT  TestAccWAFV2WebACLLoggingConfiguration_emptyRedactedFields
=== CONT  TestAccWAFV2WebACLLoggingConfiguration_updateURIPathRedactedField
=== CONT  TestAccWAFV2WebACLLoggingConfiguration_updateQueryStringRedactedField
=== CONT  TestAccWAFV2WebACLLoggingConfiguration_updateMethodRedactedField
=== CONT  TestAccWAFV2WebACLLoggingConfiguration_updateEmptyRedactedFields
--- PASS: TestAccWAFV2WebACLLoggingConfiguration_emptyRedactedFields (234.26s)
--- PASS: TestAccWAFV2WebACLLoggingConfiguration_updateMethodRedactedField (323.59s)
--- PASS: TestAccWAFV2WebACLLoggingConfiguration_removeRedactedFields (343.76s)
--- PASS: TestAccWAFV2WebACLLoggingConfiguration_updateURIPathRedactedField (343.91s)
--- PASS: TestAccWAFV2WebACLLoggingConfiguration_updateEmptyRedactedFields (344.33s)
--- PASS: TestAccWAFV2WebACLLoggingConfiguration_updateQueryStringRedactedField (353.12s)
--- PASS: TestAccWAFV2WebACLLoggingConfiguration_updateSingleHeaderRedactedField (389.99s)
--- PASS: TestAccWAFV2WebACLLoggingConfiguration_updateMultipleRedactedFields (398.08s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/wafv2      398.430s

@kyama0 kyama0 requested a review from a team as a code owner April 12, 2026 02:34
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 12, 2026

Community Guidelines

This comment is added to every new Pull Request to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

  • Please vote on this Pull Request by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
  • Please see our prioritization guide for additional information on how the maintainers handle prioritization.
  • Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Pull Request and do not help prioritize the request.

Pull Request Authors

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@dosubot dosubot Bot added the bug Addresses a defect in current functionality. label Apr 12, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 12, 2026
edited
Loading

✅ Thank you for correcting the previously detected issues! The maintainers appreciate your efforts to make the review process as smooth as possible.

@github-actions github-actions Bot added needs-triage Waiting for first response or review from a maintainer. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. service/wafv2 Issues and PRs that pertain to the wafv2 service. size/S Managed by automation to categorize the size of a PR. labels Apr 12, 2026
@justinretzolk justinretzolk removed the needs-triage Waiting for first response or review from a maintainer. label Apr 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bug Addresses a defect in current functionality. service/wafv2 Issues and PRs that pertain to the wafv2 service. size/S Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: AWS WAFv2 Web ACL Logging - Redacted Fields Removal

2 participants

@kyama0 @justinretzolk