Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add import support for aws_waf_xss_match_set resource #10485

Merged
merged 4 commits into from
Nov 15, 2019
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 17 additions & 1 deletion aws/resource_aws_waf_xss_match_set.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import (
"log"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/arn"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/waf"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
Expand All @@ -16,13 +17,20 @@ func resourceAwsWafXssMatchSet() *schema.Resource {
Read: resourceAwsWafXssMatchSetRead,
Update: resourceAwsWafXssMatchSetUpdate,
Delete: resourceAwsWafXssMatchSetDelete,
Importer: &schema.ResourceImporter{
State: schema.ImportStatePassthrough,
},

Schema: map[string]*schema.Schema{
"name": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
"arn": {
Type: schema.TypeString,
Computed: true,
},
"xss_match_tuples": {
Type: schema.TypeSet,
Optional: true,
Expand Down Expand Up @@ -89,7 +97,7 @@ func resourceAwsWafXssMatchSetRead(d *schema.ResourceData, meta interface{}) err

resp, err := conn.GetXssMatchSet(params)
if err != nil {
if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "WAFNonexistentItemException" {
if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == waf.ErrCodeNonexistentItemException {
log.Printf("[WARN] WAF IPSet (%s) not found, removing from state", d.Id())
d.SetId("")
return nil
Expand All @@ -101,6 +109,14 @@ func resourceAwsWafXssMatchSetRead(d *schema.ResourceData, meta interface{}) err
d.Set("name", resp.XssMatchSet.Name)
d.Set("xss_match_tuples", flattenWafXssMatchTuples(resp.XssMatchSet.XssMatchTuples))

arn := arn.ARN{
Partition: meta.(*AWSClient).partition,
Service: "waf",
AccountID: meta.(*AWSClient).accountid,
Resource: fmt.Sprintf("xssmatchset/%s", d.Id()),
}
d.Set("arn", arn.String())

return nil
}

Expand Down
151 changes: 71 additions & 80 deletions aws/resource_aws_waf_xss_match_set_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package aws

import (
"fmt"
"regexp"
"testing"

"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
Expand All @@ -16,6 +17,7 @@ import (
func TestAccAWSWafXssMatchSet_basic(t *testing.T) {
var v waf.XssMatchSet
xssMatchSet := fmt.Sprintf("xssMatchSet-%s", acctest.RandString(5))
resourceName := "aws_waf_xss_match_set.xss_match_set"

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSWaf(t) },
Expand All @@ -25,29 +27,25 @@ func TestAccAWSWafXssMatchSet_basic(t *testing.T) {
{
Config: testAccAWSWafXssMatchSetConfig(xssMatchSet),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSWafXssMatchSetExists("aws_waf_xss_match_set.xss_match_set", &v),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "name", xssMatchSet),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.#", "2"),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2018581549.field_to_match.#", "1"),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2018581549.field_to_match.2316364334.data", ""),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2018581549.field_to_match.2316364334.type", "QUERY_STRING"),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2018581549.text_transformation", "NONE"),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2786024938.field_to_match.#", "1"),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2786024938.field_to_match.3756326843.data", ""),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2786024938.field_to_match.3756326843.type", "URI"),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2786024938.text_transformation", "NONE"),
testAccCheckAWSWafXssMatchSetExists(resourceName, &v),
testAccMatchResourceAttrGlobalARN(resourceName, "arn", "waf", regexp.MustCompile(`xssmatchset/.+`)),
resource.TestCheckResourceAttr(resourceName, "name", xssMatchSet),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.#", "2"),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.2018581549.field_to_match.#", "1"),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.2018581549.field_to_match.2316364334.data", ""),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.2018581549.field_to_match.2316364334.type", "QUERY_STRING"),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.2018581549.text_transformation", "NONE"),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.2786024938.field_to_match.#", "1"),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.2786024938.field_to_match.3756326843.data", ""),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.2786024938.field_to_match.3756326843.type", "URI"),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.2786024938.text_transformation", "NONE"),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
},
},
})
}
Expand All @@ -56,6 +54,7 @@ func TestAccAWSWafXssMatchSet_changeNameForceNew(t *testing.T) {
var before, after waf.XssMatchSet
xssMatchSet := fmt.Sprintf("xssMatchSet-%s", acctest.RandString(5))
xssMatchSetNewName := fmt.Sprintf("xssMatchSetNewName-%s", acctest.RandString(5))
resourceName := "aws_waf_xss_match_set.xss_match_set"

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSWaf(t) },
Expand All @@ -65,30 +64,32 @@ func TestAccAWSWafXssMatchSet_changeNameForceNew(t *testing.T) {
{
Config: testAccAWSWafXssMatchSetConfig(xssMatchSet),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSWafXssMatchSetExists("aws_waf_xss_match_set.xss_match_set", &before),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "name", xssMatchSet),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.#", "2"),
testAccCheckAWSWafXssMatchSetExists(resourceName, &before),
resource.TestCheckResourceAttr(resourceName, "name", xssMatchSet),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.#", "2"),
),
},
{
Config: testAccAWSWafXssMatchSetConfigChangeName(xssMatchSetNewName),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSWafXssMatchSetExists("aws_waf_xss_match_set.xss_match_set", &after),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "name", xssMatchSetNewName),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.#", "2"),
testAccCheckAWSWafXssMatchSetExists(resourceName, &after),
resource.TestCheckResourceAttr(resourceName, "name", xssMatchSetNewName),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.#", "2"),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func TestAccAWSWafXssMatchSet_disappears(t *testing.T) {
var v waf.XssMatchSet
xssMatchSet := fmt.Sprintf("xssMatchSet-%s", acctest.RandString(5))
resourceName := "aws_waf_xss_match_set.xss_match_set"

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSWaf(t) },
Expand All @@ -98,7 +99,7 @@ func TestAccAWSWafXssMatchSet_disappears(t *testing.T) {
{
Config: testAccAWSWafXssMatchSetConfig(xssMatchSet),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSWafXssMatchSetExists("aws_waf_xss_match_set.xss_match_set", &v),
testAccCheckAWSWafXssMatchSetExists(resourceName, &v),
testAccCheckAWSWafXssMatchSetDisappears(&v),
),
ExpectNonEmptyPlan: true,
Expand All @@ -110,6 +111,7 @@ func TestAccAWSWafXssMatchSet_disappears(t *testing.T) {
func TestAccAWSWafXssMatchSet_changeTuples(t *testing.T) {
var before, after waf.XssMatchSet
setName := fmt.Sprintf("xssMatchSet-%s", acctest.RandString(5))
resourceName := "aws_waf_xss_match_set.xss_match_set"

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSWaf(t) },
Expand All @@ -119,62 +121,48 @@ func TestAccAWSWafXssMatchSet_changeTuples(t *testing.T) {
{
Config: testAccAWSWafXssMatchSetConfig(setName),
Check: resource.ComposeAggregateTestCheckFunc(
testAccCheckAWSWafXssMatchSetExists("aws_waf_xss_match_set.xss_match_set", &before),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "name", setName),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.#", "2"),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2018581549.field_to_match.#", "1"),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2018581549.field_to_match.2316364334.data", ""),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2018581549.field_to_match.2316364334.type", "QUERY_STRING"),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2018581549.text_transformation", "NONE"),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2786024938.field_to_match.#", "1"),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2786024938.field_to_match.3756326843.data", ""),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2786024938.field_to_match.3756326843.type", "URI"),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2786024938.text_transformation", "NONE"),
testAccCheckAWSWafXssMatchSetExists(resourceName, &before),
resource.TestCheckResourceAttr(resourceName, "name", setName),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.#", "2"),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.2018581549.field_to_match.#", "1"),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.2018581549.field_to_match.2316364334.data", ""),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.2018581549.field_to_match.2316364334.type", "QUERY_STRING"),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.2018581549.text_transformation", "NONE"),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.2786024938.field_to_match.#", "1"),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.2786024938.field_to_match.3756326843.data", ""),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.2786024938.field_to_match.3756326843.type", "URI"),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.2786024938.text_transformation", "NONE"),
),
},
{
Config: testAccAWSWafXssMatchSetConfig_changeTuples(setName),
Check: resource.ComposeAggregateTestCheckFunc(
testAccCheckAWSWafXssMatchSetExists("aws_waf_xss_match_set.xss_match_set", &after),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "name", setName),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.#", "2"),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2893682529.field_to_match.#", "1"),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2893682529.field_to_match.4253810390.data", "GET"),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2893682529.field_to_match.4253810390.type", "METHOD"),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.2893682529.text_transformation", "HTML_ENTITY_DECODE"),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.4270311415.field_to_match.#", "1"),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.4270311415.field_to_match.281401076.data", ""),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.4270311415.field_to_match.281401076.type", "BODY"),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.4270311415.text_transformation", "CMD_LINE"),
testAccCheckAWSWafXssMatchSetExists(resourceName, &after),
resource.TestCheckResourceAttr(resourceName, "name", setName),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.#", "2"),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.2893682529.field_to_match.#", "1"),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.2893682529.field_to_match.4253810390.data", "GET"),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.2893682529.field_to_match.4253810390.type", "METHOD"),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.2893682529.text_transformation", "HTML_ENTITY_DECODE"),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.4270311415.field_to_match.#", "1"),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.4270311415.field_to_match.281401076.data", ""),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.4270311415.field_to_match.281401076.type", "BODY"),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.4270311415.text_transformation", "CMD_LINE"),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func TestAccAWSWafXssMatchSet_noTuples(t *testing.T) {
var ipset waf.XssMatchSet
setName := fmt.Sprintf("xssMatchSet-%s", acctest.RandString(5))
resourceName := "aws_waf_xss_match_set.xss_match_set"

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSWaf(t) },
Expand All @@ -184,13 +172,16 @@ func TestAccAWSWafXssMatchSet_noTuples(t *testing.T) {
{
Config: testAccAWSWafXssMatchSetConfig_noTuples(setName),
Check: resource.ComposeAggregateTestCheckFunc(
testAccCheckAWSWafXssMatchSetExists("aws_waf_xss_match_set.xss_match_set", &ipset),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "name", setName),
resource.TestCheckResourceAttr(
"aws_waf_xss_match_set.xss_match_set", "xss_match_tuples.#", "0"),
testAccCheckAWSWafXssMatchSetExists(resourceName, &ipset),
resource.TestCheckResourceAttr(resourceName, "name", setName),
resource.TestCheckResourceAttr(resourceName, "xss_match_tuples.#", "0"),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
},
},
})
}
Expand Down Expand Up @@ -285,7 +276,7 @@ func testAccCheckAWSWafXssMatchSetDestroy(s *terraform.State) error {

// Return nil if the XssMatchSet is already destroyed
if awsErr, ok := err.(awserr.Error); ok {
if awsErr.Code() == "WAFNonexistentItemException" {
if awsErr.Code() == waf.ErrCodeNonexistentItemException {
return nil
}
}
Expand Down
9 changes: 9 additions & 0 deletions website/docs/r/waf_xss_match_set.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -70,3 +70,12 @@ The following arguments are supported:
In addition to all arguments above, the following attributes are exported:

* `id` - The ID of the WAF XssMatchSet.
* `arn` - Amazon Resource Name (ARN)

## Import

WAF XSS Match Set can be imported using their ID, e.g.

```
$ terraform import aws_waf_xss_match_set.example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc
```