From 6ab410d3e100b10c2e2d8871aadff7baf71c891b Mon Sep 17 00:00:00 2001
From: Pascal van Buijtene
Date: Sat, 11 Apr 2020 20:49:04 +0200
Subject: [PATCH] Add aws_wafv2_web_acl data source
---
 aws/data_source_aws_wafv2_web_acl.go | 83 +++++++++++++++++++++
 aws/data_source_aws_wafv2_web_acl_test.go | 86 ++++++++++++++++++++++
 aws/provider.go | 1 +
 website/aws.erb | 3 +
 website/docs/d/wafv2_web_acl.html.markdown | 35 +++++++++
 5 files changed, 208 insertions(+)
 create mode 100644 aws/data_source_aws_wafv2_web_acl.go
 create mode 100644 aws/data_source_aws_wafv2_web_acl_test.go
 create mode 100644 website/docs/d/wafv2_web_acl.html.markdown
diff --git a/aws/data_source_aws_wafv2_web_acl.go b/aws/data_source_aws_wafv2_web_acl.go
new file mode 100644
index 00000000000..cd77a0cd1fd
--- /dev/null
+++ b/aws/data_source_aws_wafv2_web_acl.go
@@ -0,0 +1,83 @@
+package aws
+
+import (
+ "fmt"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/service/wafv2"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/validation"
+)
+
+func dataSourceAwsWafv2WebACL() *schema.Resource {
+ return &schema.Resource{
+ Read: dataSourceAwsWafv2WebACLRead,
+
+ Schema: map[string]*schema.Schema{
+ "arn": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "description": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "name": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ "scope": {
+ Type: schema.TypeString,
+ Required: true,
+ ValidateFunc: validation.StringInSlice([]string{
+ wafv2.ScopeCloudfront,
+ wafv2.ScopeRegional,
+ }, false),
+ },
+ },
+ }
+}
+
+func dataSourceAwsWafv2WebACLRead(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafv2conn
+ name := d.Get("name").(string)
+
+ var foundWebACL *wafv2.WebACLSummary
+ input := &wafv2.ListWebACLsInput{
+ Scope: aws.String(d.Get("scope").(string)),
+ Limit: aws.Int64(100),
+ }
+
+ for {
+ resp, err := conn.ListWebACLs(input)
+ if err != nil {
+ return fmt.Errorf("Error reading WAFv2 WebACLs: %s", err)
+ }
+
+ if resp == nil || resp.WebACLs == nil {
+ return fmt.Errorf("Error reading WAFv2 WebACLs")
+ }
+
+ for _, webACL := range resp.WebACLs {
+ if aws.StringValue(webACL.Name) == name {
+ foundWebACL = webACL
+ break
+ }
+ }
+
+ if resp.NextMarker == nil || foundWebACL != nil {
+ break
+ }
+ input.NextMarker = resp.NextMarker
+ }
+
+ if foundWebACL == nil {
+ return fmt.Errorf("WAFv2 WebACL not found for name: %s", name)
+ }
+
+ d.SetId(aws.StringValue(foundWebACL.Id))
+ d.Set("arn", aws.StringValue(foundWebACL.ARN))
+ d.Set("description", aws.StringValue(foundWebACL.Description))
+
+ return nil
+}
diff --git a/aws/data_source_aws_wafv2_web_acl_test.go b/aws/data_source_aws_wafv2_web_acl_test.go
new file mode 100644
index 00000000000..3df5f9354db
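Review bot: In `dataSourceAwsWafv2WebACLRead`, the `resp.WebACLs == nil` half of the guard inside the loop returns the bare `Error reading WAFv2 WebACLs`, so a page that carries no list is reported as a read failure instead of reaching the not-found error further down; whether the SDK leaves that field nil for an empty scope cannot be seen from this hunk. Ranging over a nil slice is a no-op in Go, so the guard can be narrowed to `if resp == nil {`. The not-found message also omits the scope, which is the first thing to check when a `CLOUDFRONT` lookup runs against the wrong region: `return fmt.Errorf("WAFv2 WebACL not found for name: %s (scope: %s)", name, d.Get("scope").(string))`. The three `d.Set` calls at the end discard their error returns.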
--- /dev/null
+++ b/aws/data_source_aws_wafv2_web_acl_test.go
@@ -0,0 +1,86 @@
+package aws
+
+import (
+ "fmt"
+ "regexp"
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+func TestAccDataSourceAwsWafv2WebACL_Basic(t *testing.T) {
+ name := acctest.RandomWithPrefix("tf-acc-test")
+ resourceName := "aws_wafv2_web_acl.test"
+ datasourceName := "data.aws_wafv2_web_acl.test"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDataSourceAwsWafv2WebACL_NonExistent(name),
+ ExpectError: regexp.MustCompile(`WAFv2 WebACL not found`),
+ },
+ {
+ Config: testAccDataSourceAwsWafv2WebACL_Name(name),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrPair(datasourceName, "arn", resourceName, "arn"),
+ testAccMatchResourceAttrRegionalARN(datasourceName, "arn", "wafv2", regexp.MustCompile(fmt.Sprintf("regional/webacl/%v/.+$", name))),
+ resource.TestCheckResourceAttrPair(datasourceName, "description", resourceName, "description"),
+ resource.TestCheckResourceAttrPair(datasourceName, "id", resourceName, "id"),
+ resource.TestCheckResourceAttrPair(datasourceName, "name", resourceName, "name"),
+ resource.TestCheckResourceAttrPair(datasourceName, "scope", resourceName, "scope"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccDataSourceAwsWafv2WebACL_Name(name string) string {
+ return fmt.Sprintf(`
+resource "aws_wafv2_web_acl" "test" {
+ name = "%s"
+ scope = "REGIONAL"
+
+ default_action {
+ block {}
+ }
+
+ visibility_config {
+ cloudwatch_metrics_enabled = false
+ metric_name = "friendly-rule-metric-name"
+ sampled_requests_enabled = false
+ }
+}
+
+data "aws_wafv2_web_acl" "test" {
+ name = aws_wafv2_web_acl.test.name
+ scope = "REGIONAL"
+}
+`, name)
+}
+
+func testAccDataSourceAwsWafv2WebACL_NonExistent(name string) string {
+ return fmt.Sprintf(`
+resource "aws_wafv2_web_acl" "test" {
+ name = "%s"
+ scope = "REGIONAL"
+
+ default_action {
+ block {}
+ }
+
+ visibility_config {
+ cloudwatch_metrics_enabled = false
+ metric_name = "friendly-rule-metric-name"
+ sampled_requests_enabled = false
+ }
+}
+
+data "aws_wafv2_web_acl" "test" {
+ name = "tf-acc-test-does-not-exist"
+ scope = "REGIONAL"
+}
+`, name)
+}
diff --git a/aws/provider.go b/aws/provider.go
index 32b7c070888..2356ddcaea4 100644
--- a/aws/provider.go
+++ b/aws/provider.go
@@ -337,6 +337,7 @@ func Provider() terraform.ResourceProvider {
 "aws_wafv2_ip_set": dataSourceAwsWafv2IPSet(),
 "aws_wafv2_regex_pattern_set": dataSourceAwsWafv2RegexPatternSet(),
 "aws_wafv2_rule_group": dataSourceAwsWafv2RuleGroup(),
+ "aws_wafv2_web_acl": dataSourceAwsWafv2WebACL(),
 "aws_workspaces_bundle": dataSourceAwsWorkspaceBundle(),
 
 // Adding the Aliases for the ALB -> LB Rename
diff --git a/website/aws.erb b/website/aws.erb
index 99018981678..ada6f71c58d 100644
--- a/website/aws.erb
+++ b/website/aws.erb
@@ -3572,6 +3572,9 @@
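Review bot: In aws/data_source_aws_wafv2_web_acl_test.go, `testAccDataSourceAwsWafv2WebACL_Name` and `testAccDataSourceAwsWafv2WebACL_NonExistent` repeat the same `aws_wafv2_web_acl` resource block and differ only in the data source's `name`, so the two fixtures can drift apart unnoticed. A shared helper returning the resource block, with each config appending its own `data` block, would keep them in step. The acceptance test also covers `REGIONAL` only; the `CLOUDFRONT` value accepted by the schema and the `NextMarker` pagination path in the read function are not exercised by either step.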
  • aws_wafv2_rule_group
  • +
  • + aws_wafv2_web_acl +
  •
diff --git a/website/docs/d/wafv2_web_acl.html.markdown b/website/docs/d/wafv2_web_acl.html.markdown
new file mode 100644
index 00000000000..caaa3b6aa7c
--- /dev/null
+++ b/website/docs/d/wafv2_web_acl.html.markdown
@@ -0,0 +1,35 @@
+---
+subcategory: "WAFv2"
+layout: "aws"
+page_title: "AWS: aws_wafv2_web_acl"
+description: |-
+ Retrieves the summary of a WAFv2 Web ACL.
+---
+
+# Data Source: aws_wafv2_web_acl
+
+Retrieves the summary of a WAFv2 Web ACL.
+
+## Example Usage
+
+```hcl
+data "aws_wafv2_web_acl" "example" {
+ name = "some-web-acl"
+ scope = "REGIONAL"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name of the WAFv2 Web ACL.
+* `scope` - (Required) Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are `CLOUDFRONT` or `REGIONAL`. To work with CloudFront, you must also specify the region `us-east-1` (N. Virginia) on the AWS provider.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `arn` - The Amazon Resource Name (ARN) of the entity.
+* `description` - The description of the WebACL that helps with identification.
+* `id` - The unique identifier of the WebACL.