From 178ccb772d15756d3927e9f49b72e4968cf23408 Mon Sep 17 00:00:00 2001 From: Brian Flad Date: Thu, 5 Nov 2020 09:12:13 -0500 Subject: [PATCH] tests/resource/aws_waf_web_acl: Remove hardcoded environment variable handling Reference: https://github.com/hashicorp/terraform-provider-aws/issues/8316 Reference: https://github.com/hashicorp/terraform-provider-aws/issues/15737 Previously in AWS GovCloud (US): ``` === CONT TestAccAWSWafWebAcl_LoggingConfiguration TestAccAWSWafWebAcl_LoggingConfiguration: provider_test.go:184: [{0 error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid. status code: 403, request id: 525f91fb-c193-46b4-861a-9cabab7f4303 []}] --- FAIL: TestAccAWSWafWebAcl_LoggingConfiguration (0.38s) ``` Output from acceptance testing in AWS Commercial: ``` --- PASS: TestAccAWSWafWebAcl_LoggingConfiguration (115.97s) ``` Output from acceptance testing in AWS GovCloud (US): ``` --- SKIP: TestAccAWSWafWebAcl_LoggingConfiguration (24.06s) ``` --- aws/resource_aws_waf_web_acl_test.go | 45 ++++++++++---- aws/waf_logging_configuration_test.go | 87 +++++++++++++++++++++++++++ 2 files changed, 119 insertions(+), 13 deletions(-) create mode 100644 aws/waf_logging_configuration_test.go diff --git a/aws/resource_aws_waf_web_acl_test.go b/aws/resource_aws_waf_web_acl_test.go index b6420c30abd..fa82a5c91e7 100644 --- a/aws/resource_aws_waf_web_acl_test.go +++ b/aws/resource_aws_waf_web_acl_test.go @@ -3,7 +3,6 @@ package aws import ( "fmt" "log" - "os" "regexp" "testing" 
@@ -270,18 +269,18 @@ func TestAccAWSWafWebAcl_Rules(t *testing.T) { } func TestAccAWSWafWebAcl_LoggingConfiguration(t *testing.T) { - oldvar := os.Getenv("AWS_DEFAULT_REGION") - os.Setenv("AWS_DEFAULT_REGION", "us-east-1") - defer os.Setenv("AWS_DEFAULT_REGION", oldvar) - var webACL waf.WebACL rName := fmt.Sprintf("wafacl%s", acctest.RandString(5)) resourceName := "aws_waf_web_acl.test" resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSWaf(t) }, - Providers: testAccProviders, - CheckDestroy: testAccCheckAWSWafWebAclDestroy, + PreCheck: func() { + testAccPreCheck(t) + testAccPreCheckAWSWaf(t) + testAccPreCheckWafLoggingConfiguration(t) + }, + ProviderFactories: testAccProviderFactories, + CheckDestroy: testAccCheckAWSWafWebAclDestroy, Steps: []resource.TestStep{ { Config: testAccAWSWafWebAclConfig_Logging(rName), @@ -294,6 +293,7 @@ func TestAccAWSWafWebAcl_LoggingConfiguration(t *testing.T) { }, // Test resource import { + Config: testAccAWSWafWebAclConfig_Logging(rName), ResourceName: resourceName, ImportState: true, ImportStateVerify: true, @@ -309,7 +309,7 @@ func TestAccAWSWafWebAcl_LoggingConfiguration(t *testing.T) { }, // Test logging configuration removal { - Config: testAccAWSWafWebAclConfig_Required(rName), + Config: testAccAWSWafWebAclConfig_LoggingRemoved(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSWafWebAclExists(resourceName, &webACL), resource.TestCheckResourceAttr(resourceName, "logging_configuration.#", "0"), @@ -632,7 +632,9 @@ resource "aws_waf_web_acl" "test" { } func testAccAWSWafWebAclConfig_Logging(rName string) string { - return fmt.Sprintf(` + return composeConfig( + testAccWafLoggingConfigurationRegionProviderConfig(), + fmt.Sprintf(` resource "aws_waf_web_acl" "test" { name = %[1]q metric_name = %[1]q 
@@ -693,11 +695,28 @@ resource "aws_kinesis_firehose_delivery_stream" "test" { bucket_arn = aws_s3_bucket.test.arn } } -`, rName) +`, rName)) +} + +func testAccAWSWafWebAclConfig_LoggingRemoved(rName string) string { + return composeConfig( + testAccWafLoggingConfigurationRegionProviderConfig(), + fmt.Sprintf(` +resource "aws_waf_web_acl" "test" { + metric_name = %[1]q + name = %[1]q + + default_action { + type = "ALLOW" + } +} +`, rName)) } func testAccAWSWafWebAclConfig_LoggingUpdate(rName string) string { - return fmt.Sprintf(` + return composeConfig( + testAccWafLoggingConfigurationRegionProviderConfig(), + fmt.Sprintf(` resource "aws_waf_web_acl" "test" { metric_name = %[1]q name = %[1]q @@ -747,7 +766,7 @@ resource "aws_kinesis_firehose_delivery_stream" "test" { bucket_arn = aws_s3_bucket.test.arn } } -`, rName) +`, rName)) } func testAccAWSWafWebAclConfigTags1(rName, tag1Key, tag1Value string) string { diff --git a/aws/waf_logging_configuration_test.go b/aws/waf_logging_configuration_test.go new file mode 100644 index 00000000000..a3f577c5066 --- /dev/null +++ b/aws/waf_logging_configuration_test.go 
@@ -0,0 +1,87 @@
+package aws
+
+import (
+ "context"
+ "sync"
+ "testing"
+
+ "github.com/aws/aws-sdk-go/aws/endpoints"
+ "github.com/aws/aws-sdk-go/service/waf"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+)
+
+// WAF Logging Configurations can only be enabled with destinations in specific regions,
+
+// testAccWafLoggingConfigurationRegion is the chosen WAF Logging Configurations testing region
+//
+// Cached to prevent issues should multiple regions become available.
+var testAccWafLoggingConfigurationRegion string
+
+// testAccProviderWafLoggingConfiguration is the WAF Logging Configurations provider instance
+//
+// This Provider can be used in testing code for API calls without requiring
+// the use of saving and referencing specific ProviderFactories instances.
+//
+// testAccPreCheckWafLoggingConfiguration(t) must be called before using this provider instance.
+var testAccProviderWafLoggingConfiguration *schema.Provider
+
+// testAccProviderWafLoggingConfigurationConfigure ensures the provider is only configured once
+var testAccProviderWafLoggingConfigurationConfigure sync.Once
+
+// testAccPreCheckWafLoggingConfiguration verifies AWS credentials and that WAF Logging Configurations is supported
+func testAccPreCheckWafLoggingConfiguration(t *testing.T) {
+ testAccPartitionHasServicePreCheck(waf.EndpointsID, t)
+
+ // Since we are outside the scope of the Terraform configuration we must
+ // call Configure() to properly initialize the provider configuration.
+ testAccProviderWafLoggingConfigurationConfigure.Do(func() {
+ testAccProviderWafLoggingConfiguration = Provider()
+
+ region := testAccGetWafLoggingConfigurationRegion()
+
+ if region == "" {
+ t.Skip("WAF Logging Configuration not available in this AWS Partition")
+ }
+
+ config := map[string]interface{}{
+ "region": region,
+ }
+
+ diags := testAccProviderWafLoggingConfiguration.Configure(context.Background(), terraform.NewResourceConfigRaw(config))
+
+ if diags != nil && diags.HasError() {
+ for _, d := range diags {
+ if d.Severity == diag.Error {
+ t.Fatalf("error configuring WAF Logging Configurations provider: %s", d.Summary)
+ }
+ }
+ }
+ })
+}
+
+// testAccWafLoggingConfigurationRegionProviderConfig is the Terraform provider configuration for WAF Logging Configurations region testing
+//
+// Testing WAF Logging Configurations assumes no other provider configurations
+// are necessary and overwrites the "aws" provider configuration.
+func testAccWafLoggingConfigurationRegionProviderConfig() string {
+ return testAccRegionalProviderConfig(testAccGetWafLoggingConfigurationRegion())
+}
+
+// testAccGetWafLoggingConfigurationRegion returns the WAF Logging Configurations region for testing
+func testAccGetWafLoggingConfigurationRegion() string {
+ if testAccWafLoggingConfigurationRegion != "" {
+ return testAccWafLoggingConfigurationRegion
+ }
+
+ // AWS Commercial: https://docs.aws.amazon.com/waf/latest/developerguide/classic-logging.html
+ // AWS GovCloud (US) - not available yet: https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-waf.html
+ // AWS China - not available yet
+ switch testAccGetPartition() {
+ case endpoints.AwsPartitionID:
+ testAccWafLoggingConfigurationRegion = endpoints.UsEast1RegionID
+ }
+
+ return testAccWafLoggingConfigurationRegion
+}
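Review bot: `t.Skip` and `t.Fatalf` are called inside `testAccProviderWafLoggingConfigurationConfigure.Do(...)` in `testAccPreCheckWafLoggingConfiguration`, and `sync.Once` counts the function as done even when it exits through `runtime.Goexit`, so only the first caller is ever skipped or failed. Only one test uses this PreCheck in the commit, but a second one running in a partition without a logging region would pass the PreCheck with an empty region and a provider on which `Configure` was never called. Resolve the region on every call, before the `Do`: `region := testAccGetWafLoggingConfigurationRegion()` followed by `if region == "" { t.Skip("WAF Logging Configuration not available in this AWS Partition") }`. The `t.Fatalf` path has the same one-shot behaviour; storing the configure error in a package variable and checking it after `Do` would make every caller fail rather than just the first. Separately, the comment `// WAF Logging Configurations can only be enabled with destinations in specific regions,` ends on a comma and should be completed or dropped.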