From 6f2dcbfe44f19e1ef0a51e8e20764cbf364d9cc4 Mon Sep 17 00:00:00 2001 From: Danniel Magno Date: Mon, 3 Jul 2017 21:16:05 -0300 Subject: [PATCH 1/8] Add support for aws_wafregional_web_acl_association --- aws/provider.go | 1 + ...rce_aws_wafregional_web_acl_association.go | 135 +++++++++++++++ ...ws_wafregional_web_acl_association_test.go | 161 ++++++++++++++++++ website/aws.erb | 2 + ...regional_web_acl_association.html.markdown | 89 ++++++++++ 5 files changed, 388 insertions(+) create mode 100644 aws/resource_aws_wafregional_web_acl_association.go create mode 100644 aws/resource_aws_wafregional_web_acl_association_test.go create mode 100644 website/docs/r/wafregional_web_acl_association.html.markdown diff --git a/aws/provider.go b/aws/provider.go index f3d71cbc66f..42de2ffeab1 100644 --- a/aws/provider.go +++ b/aws/provider.go @@ -561,6 +561,7 @@ func Provider() terraform.ResourceProvider { "aws_wafregional_xss_match_set": resourceAwsWafRegionalXssMatchSet(), "aws_wafregional_rule": resourceAwsWafRegionalRule(), "aws_wafregional_web_acl": resourceAwsWafRegionalWebAcl(), + "aws_wafregional_web_acl_association": resourceAwsWafRegionalWebAclAssociation(), "aws_batch_compute_environment": resourceAwsBatchComputeEnvironment(), "aws_batch_job_definition": resourceAwsBatchJobDefinition(), "aws_batch_job_queue": resourceAwsBatchJobQueue(), diff --git a/aws/resource_aws_wafregional_web_acl_association.go b/aws/resource_aws_wafregional_web_acl_association.go new file mode 100644 index 00000000000..e0a736a3ade --- /dev/null +++ b/aws/resource_aws_wafregional_web_acl_association.go 
@@ -0,0 +1,135 @@
+package aws
+
+import (
+ "fmt"
+ "log"
+ "strings"
+ "time"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/service/wafregional"
+ "github.com/hashicorp/terraform/helper/resource"
+ "github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsWafRegionalWebAclAssociation() *schema.Resource {
+ return &schema.Resource{
+ Create: resourceAwsWafRegionalWebAclAssociationCreate,
+ Read: resourceAwsWafRegionalWebAclAssociationRead,
+ Update: resourceAwsWafRegionalWebAclAssociationUpdate,
+ Delete: resourceAwsWafRegionalWebAclAssociationDelete,
+
+ Schema: map[string]*schema.Schema{
+ "web_acl_id": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ },
+ "resource_arn": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ },
+ }
+}
+
+func resourceAwsWafRegionalWebAclAssociationCreate(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+
+ log.Printf(
+ "[INFO] Creating WAF Regional Web ACL association: %s => %s",
+ d.Get("web_acl_id").(string),
+ d.Get("resource_arn").(string))
+
+ params := &wafregional.AssociateWebACLInput{
+ WebACLId: aws.String(d.Get("web_acl_id").(string)),
+ ResourceArn: aws.String(d.Get("resource_arn").(string)),
+ }
+
+ // create association and wait on retryable error
+ // no response body
+ var err error
+ err = resource.Retry(2*time.Minute, func() *resource.RetryError {
+ _, err = conn.AssociateWebACL(params)
+ if err != nil {
+ if awsErr, ok := err.(awserr.Error); ok {
+ if awsErr.Code() == "WAFUnavailableEntityException" {
+ return resource.RetryableError(awsErr)
+ }
+ }
+ return resource.NonRetryableError(err)
+ }
+ return nil
+ })
+ if err != nil {
+ return err
+ }
+
+ // Store association id
+ d.SetId(fmt.Sprintf("%s:%s", *params.WebACLId, *params.ResourceArn))
+
+ return nil
+}
+
+func resourceAwsWafRegionalWebAclAssociationRead(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+
+ web_acl_id, resource_arn := resourceAwsWafRegionalWebAclAssociationParseId(d.Id())
+
+ // List all resources for Web ACL and see if we get a match
+ params := &wafregional.ListResourcesForWebACLInput{
+ WebACLId: aws.String(web_acl_id),
+ }
+
+ resp, err := conn.ListResourcesForWebACL(params)
+ if err != nil {
+ return err
+ }
+
+ // Find match
+ found := false
+ for _, list_resource_arn := range resp.ResourceArns {
+ if resource_arn == *list_resource_arn {
+ found = true
+ break
+ }
+ }
+ if !found {
+ // It seems it doesn't exist anymore, so clear the ID
+ d.SetId("")
+ }
+
+ return nil
+}
+
+func resourceAwsWafRegionalWebAclAssociationUpdate(d *schema.ResourceData, meta interface{}) error {
+ return resourceAwsWafRegionalWebAclAssociationRead(d, meta)
+}
+
+func resourceAwsWafRegionalWebAclAssociationDelete(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+
+ _, resource_arn := resourceAwsWafRegionalWebAclAssociationParseId(d.Id())
+
+ log.Printf("[INFO] Deleting WAF Regional Web ACL association: %s", resource_arn)
+
+ params := &wafregional.DisassociateWebACLInput{
+ ResourceArn: aws.String(resource_arn),
+ }
+
+ // If action sucessful HTTP 200 response with an empty body
+ _, err := conn.DisassociateWebACL(params)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func resourceAwsWafRegionalWebAclAssociationParseId(id string) (web_acl_id, resource_arn string) {
+ parts := strings.SplitN(id, ":", 2)
+ web_acl_id = parts[0]
+ resource_arn = parts[1]
+ return
+}
diff --git a/aws/resource_aws_wafregional_web_acl_association_test.go b/aws/resource_aws_wafregional_web_acl_association_test.go
new file mode 100644
index 00000000000..4b5795bd4d9
--- /dev/null
+++ b/aws/resource_aws_wafregional_web_acl_association_test.go
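Review bot: `resourceAwsWafRegionalWebAclAssociationParseId` indexes `parts[1]` without checking how many pieces the split produced, so a state ID with no `:` in it (a hand-edited or corrupted state entry, for instance) panics the provider inside Read and Delete instead of producing an error. The parser should check that both halves are present and non-empty and report a malformed ID as an error, which means widening its return values and updating the callers in Read, Delete and the acceptance-test helpers. Splitting on the first `:` only is otherwise correct, because the ARN half contains colons of its own.

```go
func resourceAwsWafRegionalWebAclAssociationParseId(id string) (webAclId, resourceArn string, err error) {
	parts := strings.SplitN(id, ":", 2)
	if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
		return "", "", fmt.Errorf("unexpected format of ID (%q), expected WEB_ACL_ID:RESOURCE_ARN", id)
	}
	return parts[0], parts[1], nil
}
```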
@@ -0,0 +1,161 @@ +package aws + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/helper/schema" + "github.com/hashicorp/terraform/terraform" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/waf" + "github.com/aws/aws-sdk-go/service/wafregional" +) + +func TestAccAWSWafRegionalWebAclAssociation_basic(t *testing.T) { + var webAcl waf.WebACL + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckWafRegionalWebAclAssociationDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccCheckWafRegionalWebAclAssociationConfig, + Check: resource.ComposeTestCheckFunc( + testAccCheckWafRegionalWebAclAssociationExists("aws_wafregional_web_acl_association.foo", &webAcl), + ), + }, + }, + }) +} + +func testAccCheckWafRegionalWebAclAssociationDestroy(s *terraform.State) error { + return testAccCheckWafRegionalWebAclAssociationDestroyWithProvider(s, testAccProvider) +} + +func testAccCheckWafRegionalWebAclAssociationDestroyWithProvider(s *terraform.State, provider *schema.Provider) error { + conn := provider.Meta().(*AWSClient).wafregionalconn + for _, rs := range s.RootModule().Resources { + if rs.Type != "aws_wafregional_web_acl_association" { + continue + } + + web_acl_id, resource_arn := resourceAwsWafRegionalWebAclAssociationParseId(rs.Primary.ID) + + resp, err := conn.ListResourcesForWebACL(&wafregional.ListResourcesForWebACLInput{WebACLId: aws.String(web_acl_id)}) + if err != nil { + found := false + for _, list_resource_arn := range resp.ResourceArns { + if resource_arn == *list_resource_arn { + found = true + break + } + } + if found { + return fmt.Errorf("WebACL: %v is still associated to resource: %v", web_acl_id, resource_arn) + } + } + } + return nil +} + +func testAccCheckWafRegionalWebAclAssociationExists(n string, webAcl *waf.WebACL) resource.TestCheckFunc { + return 
func(s *terraform.State) error { + return testAccCheckWafRegionalWebAclAssociationExistsWithProvider(s, n, webAcl, testAccProvider) + } +} + +func testAccCheckWafRegionalWebAclAssociationExistsWithProvider(s *terraform.State, n string, webAcl *waf.WebACL, provider *schema.Provider) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not found: %s", n) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("No WebACL association ID is set") + } + + web_acl_id, resource_arn := resourceAwsWafRegionalWebAclAssociationParseId(rs.Primary.ID) + + conn := provider.Meta().(*AWSClient).wafregionalconn + resp, err := conn.ListResourcesForWebACL(&wafregional.ListResourcesForWebACLInput{WebACLId: aws.String(web_acl_id)}) + if err != nil { + return fmt.Errorf("List Web ACL err: %v", err) + } + + found := false + for _, list_resource_arn := range resp.ResourceArns { + if resource_arn == *list_resource_arn { + found = true + break + } + } + + if !found { + return fmt.Errorf("Web ACL association not found") + } + + return nil +} + +const testAccCheckWafRegionalWebAclAssociationConfig = ` +resource "aws_wafregional_ipset" "foo" { + name = "foo" + ip_set_descriptors { + type = "IPV4" + value = "192.0.7.0/24" + } +} + +resource "aws_wafregional_rule" "foo" { + depends_on = ["aws_wafregional_ipset.foo"] + name = "foo" + metric_name = "foo" + predicates { + data_id = "${aws_wafregional_ipset.foo.id}" + negated = false + type = "IPMatch" + } +} + +resource "aws_wafregional_web_acl" "foo" { + name = "foo" + metric_name = "foo" + default_action { + type = "ALLOW" + } + rules { + action { + type = "COUNT" + } + priority = 100 + rule_id = "${aws_wafregional_rule.foo.id}" + } +} + +resource "aws_vpc" "foo" { + cidr_block = "10.1.0.0/16" +} + +resource "aws_subnet" "foo" { + vpc_id = "${aws_vpc.foo.id}" + cidr_block = "10.1.1.0/24" +} + +resource "aws_subnet" "bar" { + vpc_id = "${aws_vpc.foo.id}" + cidr_block = "10.1.2.0/24" +} + +resource "aws_alb" "foo" { + subnets 
= ["${aws_subnet.foo.id}", "${aws_subnet.bar.id}"] +} + +resource "aws_wafregional_web_acl_association" "foo" { + depends_on = ["aws_alb.foo", "aws_wafregional_web_acl.foo"] + resource_arn = "${aws_alb.foo.arn}" + web_acl_id = "${aws_wafregional_web_acl.foo.id}" +} +` diff --git a/website/aws.erb b/website/aws.erb index 3c508c44a42..61da5b6918e 100644 --- a/website/aws.erb +++ b/website/aws.erb @@ -1533,6 +1533,8 @@ > aws_wafregional_xss_match_set + > + aws_wafregional_web_acl_association diff --git a/website/docs/r/wafregional_web_acl_association.html.markdown b/website/docs/r/wafregional_web_acl_association.html.markdown new file mode 100644 index 00000000000..8bdfec19b32 --- /dev/null +++ b/website/docs/r/wafregional_web_acl_association.html.markdown 
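Review bot: The condition in `testAccCheckWafRegionalWebAclAssociationDestroyWithProvider` is inverted: the loop over `resp.ResourceArns` runs only when `ListResourcesForWebACL` returned an error, so when the call succeeds the listing is never inspected and the check returns nil even if the web ACL is still attached to the load balancer. As written, CheckDestroy cannot catch a Delete that leaves the association in place. The guard should read `if err == nil {`, and an error other than the web ACL no longer existing should probably be returned to the test rather than ignored. The same lines are carried unchanged through the later rename hunk at `@@ -42,19 +42,19 @@`.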
@@ -0,0 +1,89 @@ +--- +layout: "aws" +page_title: "AWS: aws_wafregional_web_acl_association" +sidebar_current: "docs-aws-resource-wafregional-web-acl-association" +description: |- + Provides a resource to create an association between a WAF Regional WebACL and Application Load Balancer. +--- + +# aws\_wafregional\_web\_acl\_association + +Provides a resource to create an association between a WAF Regional WebACL and Application Load Balancer. + +-> **Note:** An Application Load Balancer can only be associated with one WAF Regional WebACL. + +## Example Usage + +``` +resource "aws_wafregional_ipset" "ipset" { + name = "tfIPSet" + ip_set_descriptors { + type = "IPV4" + value = "192.0.7.0/24" + } +} + +resource "aws_wafregional_rule" "wafrule" { + depends_on = ["aws_wafregional_ipset.ipset"] + name = "tfWAFRule" + metric_name = "tfWAFRule" + predicates { + data_id = "${aws_wafregional_ipset.ipset.id}" + negated = false + type = "IPMatch" + } +} + +resource "aws_wafregional_web_acl" "wafacl" { + depends_on = ["aws_wafregional_ipset.ipset", "aws_wafregional_rule.wafrule"] + name = "tfWebACL" + metric_name = "tfWebACL" + default_action { + type = "ALLOW" + } + rules { + action { + type = "BLOCK" + } + priority = 1 + rule_id = "${aws_wafregional_rule.wafrule.id}" + } +} + +resource "aws_vpc" "main" { + cidr_block = "10.1.0.0/16" +} + +resource "aws_subnet" "foo" { + vpc_id = "${aws_vpc.main.id}" + cidr_block = "10.1.1.0/24" +} + +resource "aws_subnet" "bar" { + vpc_id = "${aws_vpc.main.id}" + cidr_block = "10.1.2.0/24" +} + +resource "aws_alb" "alb" { + subnets = ["${aws_subnet.foo.id}", "${aws_subnet.bar.id}"] +} + +resource "aws_wafregional_web_acl_association" "wafassociation" { + depends_on = ["aws_alb.alb", "aws_wafregional_web_acl.wafacl"] + web_acl_id = "${aws_wafregional_web_acl.wafacl.id}" + resource_arn = "${aws_alb.alb.arn}" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `web_acl_id` - (Required) The ID of the WAF Regional 
WebACL to create an association. +* `resource_arn` - (Required) Application Load Balancer ARN to associate with. + +## Attributes Reference + +The following attributes are exported: + +* `id` - The ID of the association From 1c06ae396f3ad03178c9ef3042a93028e5824a6c Mon Sep 17 00:00:00 2001 From: Brad Sickles Date: Tue, 30 Jan 2018 09:35:49 -0500 Subject: [PATCH 2/8] Formatting and updating code --- ...rce_aws_wafregional_web_acl_association.go | 22 +++++++-------- ...regional_web_acl_association.html.markdown | 27 +++++++++++-------- 2 files changed, 27 insertions(+), 22 deletions(-) diff --git a/aws/resource_aws_wafregional_web_acl_association.go b/aws/resource_aws_wafregional_web_acl_association.go index e0a736a3ade..434edafff9b 100644 --- a/aws/resource_aws_wafregional_web_acl_association.go +++ b/aws/resource_aws_wafregional_web_acl_association.go @@ -75,11 +75,11 @@ func resourceAwsWafRegionalWebAclAssociationCreate(d *schema.ResourceData, meta func resourceAwsWafRegionalWebAclAssociationRead(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).wafregionalconn - web_acl_id, resource_arn := resourceAwsWafRegionalWebAclAssociationParseId(d.Id()) + webAclId, resourceArn := resourceAwsWafRegionalWebAclAssociationParseId(d.Id()) // List all resources for Web ACL and see if we get a match params := &wafregional.ListResourcesForWebACLInput{ - WebACLId: aws.String(web_acl_id), + WebACLId: aws.String(webAclId), } resp, err := conn.ListResourcesForWebACL(params) @@ -89,8 +89,8 @@ func resourceAwsWafRegionalWebAclAssociationRead(d *schema.ResourceData, meta in // Find match found := false - for _, list_resource_arn := range resp.ResourceArns { - if resource_arn == *list_resource_arn { + for _, listResourceArn := range resp.ResourceArns { + if resourceArn == *listResourceArn { found = true break } 
@@ -110,15 +110,15 @@ func resourceAwsWafRegionalWebAclAssociationUpdate(d *schema.ResourceData, meta func resourceAwsWafRegionalWebAclAssociationDelete(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).wafregionalconn - _, resource_arn := resourceAwsWafRegionalWebAclAssociationParseId(d.Id()) + _, resourceArn := resourceAwsWafRegionalWebAclAssociationParseId(d.Id()) - log.Printf("[INFO] Deleting WAF Regional Web ACL association: %s", resource_arn) + log.Printf("[INFO] Deleting WAF Regional Web ACL association: %s", resourceArn) params := &wafregional.DisassociateWebACLInput{ - ResourceArn: aws.String(resource_arn), + ResourceArn: aws.String(resourceArn), } - // If action sucessful HTTP 200 response with an empty body + // If action successful HTTP 200 response with an empty body _, err := conn.DisassociateWebACL(params) if err != nil { return err @@ -127,9 +127,9 @@ func resourceAwsWafRegionalWebAclAssociationDelete(d *schema.ResourceData, meta return nil } -func resourceAwsWafRegionalWebAclAssociationParseId(id string) (web_acl_id, resource_arn string) { +func resourceAwsWafRegionalWebAclAssociationParseId(id string) (webAclId, resourceArn string) { parts := strings.SplitN(id, ":", 2) - web_acl_id = parts[0] - resource_arn = parts[1] + webAclId = parts[0] + resourceArn = parts[1] return } diff --git a/website/docs/r/wafregional_web_acl_association.html.markdown b/website/docs/r/wafregional_web_acl_association.html.markdown index 8bdfec19b32..9ecc794135b 100644 --- a/website/docs/r/wafregional_web_acl_association.html.markdown +++ b/website/docs/r/wafregional_web_acl_association.html.markdown 
@@ -17,36 +17,41 @@ Provides a resource to create an association between a WAF Regional WebACL and A ``` resource "aws_wafregional_ipset" "ipset" { name = "tfIPSet" + ip_set_descriptors { - type = "IPV4" + type = "IPV4" value = "192.0.7.0/24" } } resource "aws_wafregional_rule" "wafrule" { - depends_on = ["aws_wafregional_ipset.ipset"] - name = "tfWAFRule" + depends_on = ["aws_wafregional_ipset.ipset"] + name = "tfWAFRule" metric_name = "tfWAFRule" + predicates { data_id = "${aws_wafregional_ipset.ipset.id}" negated = false - type = "IPMatch" + type = "IPMatch" } } resource "aws_wafregional_web_acl" "wafacl" { - depends_on = ["aws_wafregional_ipset.ipset", "aws_wafregional_rule.wafrule"] - name = "tfWebACL" + depends_on = ["aws_wafregional_ipset.ipset", "aws_wafregional_rule.wafrule"] + name = "tfWebACL" metric_name = "tfWebACL" + default_action { type = "ALLOW" } + rules { action { type = "BLOCK" } + priority = 1 - rule_id = "${aws_wafregional_rule.wafrule.id}" + rule_id = "${aws_wafregional_rule.wafrule.id}" } } @@ -55,12 +60,12 @@ resource "aws_vpc" "main" { } resource "aws_subnet" "foo" { - vpc_id = "${aws_vpc.main.id}" + vpc_id = "${aws_vpc.main.id}" cidr_block = "10.1.1.0/24" } resource "aws_subnet" "bar" { - vpc_id = "${aws_vpc.main.id}" + vpc_id = "${aws_vpc.main.id}" cidr_block = "10.1.2.0/24" } @@ -69,8 +74,8 @@ resource "aws_alb" "alb" { } resource "aws_wafregional_web_acl_association" "wafassociation" { - depends_on = ["aws_alb.alb", "aws_wafregional_web_acl.wafacl"] - web_acl_id = "${aws_wafregional_web_acl.wafacl.id}" + depends_on = ["aws_alb.alb", "aws_wafregional_web_acl.wafacl"] + web_acl_id = "${aws_wafregional_web_acl.wafacl.id}" resource_arn = "${aws_alb.alb.arn}" } ``` From 0b7aa3ddd8b92b2f318316b03cc516dc76c48219 Mon Sep 17 00:00:00 2001 From: pvanbuijtene Date: Mon, 12 Mar 2018 22:04:32 +0100 Subject: [PATCH 3/8] Fix documentation markup --- website/aws.erb | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/website/aws.erb b/website/aws.erb index 61da5b6918e..708958fbb09 100644 --- a/website/aws.erb +++ b/website/aws.erb @@ -1533,6 +1533,8 @@ > aws_wafregional_xss_match_set + + > aws_wafregional_web_acl_association From de4d3c497e75783b1042890fd9435986fa517f15 Mon Sep 17 00:00:00 2001 From: Brad Sickles Date: Tue, 30 Jan 2018 09:42:54 -0500 Subject: [PATCH 4/8] Updating docs --- website/docs/r/wafregional_web_acl_association.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/r/wafregional_web_acl_association.html.markdown b/website/docs/r/wafregional_web_acl_association.html.markdown index 9ecc794135b..b0b445b5f45 100644 --- a/website/docs/r/wafregional_web_acl_association.html.markdown +++ b/website/docs/r/wafregional_web_acl_association.html.markdown @@ -14,7 +14,7 @@ Provides a resource to create an association between a WAF Regional WebACL and A ## Example Usage -``` +```hcl resource "aws_wafregional_ipset" "ipset" { name = "tfIPSet" From cb32d3f63d2225fb2db12dd1b395d94ef884a98b Mon Sep 17 00:00:00 2001 From: pvanbuijtene Date: Thu, 22 Mar 2018 20:26:15 +0100 Subject: [PATCH 5/8] Apply review comments --- ...rce_aws_wafregional_web_acl_association.go | 15 ++--- ...ws_wafregional_web_acl_association_test.go | 62 ++++++++----------- ...regional_web_acl_association.html.markdown | 51 ++++++++------- 3 files changed, 55 insertions(+), 73 deletions(-) diff --git a/aws/resource_aws_wafregional_web_acl_association.go b/aws/resource_aws_wafregional_web_acl_association.go index 434edafff9b..559a8d0417c 100644 --- a/aws/resource_aws_wafregional_web_acl_association.go +++ b/aws/resource_aws_wafregional_web_acl_association.go @@ -7,7 +7,6 @@ import ( "time" "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/service/wafregional" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/helper/schema" 
@@ -17,13 +16,13 @@ func resourceAwsWafRegionalWebAclAssociation() *schema.Resource { return &schema.Resource{ Create: resourceAwsWafRegionalWebAclAssociationCreate, Read: resourceAwsWafRegionalWebAclAssociationRead, - Update: resourceAwsWafRegionalWebAclAssociationUpdate, Delete: resourceAwsWafRegionalWebAclAssociationDelete, Schema: map[string]*schema.Schema{ "web_acl_id": &schema.Schema{ Type: schema.TypeString, Required: true, + ForceNew: true, }, "resource_arn": &schema.Schema{ Type: schema.TypeString, @@ -53,10 +52,8 @@ func resourceAwsWafRegionalWebAclAssociationCreate(d *schema.ResourceData, meta err = resource.Retry(2*time.Minute, func() *resource.RetryError { _, err = conn.AssociateWebACL(params) if err != nil { - if awsErr, ok := err.(awserr.Error); ok { - if awsErr.Code() == "WAFUnavailableEntityException" { - return resource.RetryableError(awsErr) - } + if isAWSErr(err, wafregional.ErrCodeWAFUnavailableEntityException, "") { + return resource.RetryableError(err) } return resource.NonRetryableError(err) } @@ -96,17 +93,13 @@ func resourceAwsWafRegionalWebAclAssociationRead(d *schema.ResourceData, meta in } } if !found { - // It seems it doesn't exist anymore, so clear the ID + log.Printf("[WARN] WAF Regional Web ACL association (%s) not found, removing from state", d.Id()) d.SetId("") } return nil } -func resourceAwsWafRegionalWebAclAssociationUpdate(d *schema.ResourceData, meta interface{}) error { - return resourceAwsWafRegionalWebAclAssociationRead(d, meta) -} - func resourceAwsWafRegionalWebAclAssociationDelete(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).wafregionalconn diff --git a/aws/resource_aws_wafregional_web_acl_association_test.go b/aws/resource_aws_wafregional_web_acl_association_test.go index 4b5795bd4d9..f8b53aa7cc0 100644 --- a/aws/resource_aws_wafregional_web_acl_association_test.go +++ b/aws/resource_aws_wafregional_web_acl_association_test.go 
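Review bot: With `ForceNew` on `web_acl_id` and no Update function, switching a load balancer to a different web ACL becomes a destroy followed by a create, so between the `DisassociateWebACL` call in Delete and the `AssociateWebACL` call in Create (both outside this hunk) the resource has no web ACL attached and requests reach it unfiltered. If that trade-off is intended it should be stated in the resource documentation, for example `-> **Note:** Changing web_acl_id replaces the association; the resource has no WebACL attached until the new association is created.` The documentation should also advise against `create_before_destroy` on this resource, because Delete disassociates by resource ARN alone and would presumably detach the ACL that the replacement has just attached.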
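Review bot: The new warning path in the `@@ -96,17 +93,13 @@` hunk only covers a web ACL that still exists but no longer lists the resource; when the web ACL itself has been deleted outside Terraform, the `ListResourcesForWebACL` error earlier in Read (outside this hunk) is returned as is, so a refresh fails instead of dropping the association from state. Assuming the API reports a missing ACL as `WAFNonexistentItemException`, the `isAWSErr` helper now used in Create fits here as well: `if isAWSErr(err, wafregional.ErrCodeWAFNonexistentItemException, "") { d.SetId(""); return nil }`, with the same warning logged. Read also never writes `web_acl_id` or `resource_arn` back with `d.Set`, so both attributes only ever hold what the configuration said; setting them from the parsed ID would let a refresh reflect what is actually associated.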
@@ -42,19 +42,19 @@ func testAccCheckWafRegionalWebAclAssociationDestroyWithProvider(s *terraform.St continue } - web_acl_id, resource_arn := resourceAwsWafRegionalWebAclAssociationParseId(rs.Primary.ID) + webAclId, resourceArn := resourceAwsWafRegionalWebAclAssociationParseId(rs.Primary.ID) - resp, err := conn.ListResourcesForWebACL(&wafregional.ListResourcesForWebACLInput{WebACLId: aws.String(web_acl_id)}) + resp, err := conn.ListResourcesForWebACL(&wafregional.ListResourcesForWebACLInput{WebACLId: aws.String(webAclId)}) if err != nil { found := false - for _, list_resource_arn := range resp.ResourceArns { - if resource_arn == *list_resource_arn { + for _, listResourceArn := range resp.ResourceArns { + if resourceArn == *listResourceArn { found = true break } } if found { - return fmt.Errorf("WebACL: %v is still associated to resource: %v", web_acl_id, resource_arn) + return fmt.Errorf("WebACL: %v is still associated to resource: %v", webAclId, resourceArn) } } } @@ -77,17 +77,17 @@ func testAccCheckWafRegionalWebAclAssociationExistsWithProvider(s *terraform.Sta return fmt.Errorf("No WebACL association ID is set") } - web_acl_id, resource_arn := resourceAwsWafRegionalWebAclAssociationParseId(rs.Primary.ID) + webAclId, resourceArn := resourceAwsWafRegionalWebAclAssociationParseId(rs.Primary.ID) conn := provider.Meta().(*AWSClient).wafregionalconn - resp, err := conn.ListResourcesForWebACL(&wafregional.ListResourcesForWebACLInput{WebACLId: aws.String(web_acl_id)}) + resp, err := conn.ListResourcesForWebACL(&wafregional.ListResourcesForWebACLInput{WebACLId: aws.String(webAclId)}) if err != nil { return fmt.Errorf("List Web ACL err: %v", err) } found := false - for _, list_resource_arn := range resp.ResourceArns { - if resource_arn == *list_resource_arn { + for _, listResourceArn := range resp.ResourceArns { + if resourceArn == *listResourceArn { found = true break } 
@@ -101,23 +101,9 @@ func testAccCheckWafRegionalWebAclAssociationExistsWithProvider(s *terraform.Sta } const testAccCheckWafRegionalWebAclAssociationConfig = ` -resource "aws_wafregional_ipset" "foo" { - name = "foo" - ip_set_descriptors { - type = "IPV4" - value = "192.0.7.0/24" - } -} - resource "aws_wafregional_rule" "foo" { - depends_on = ["aws_wafregional_ipset.foo"] name = "foo" metric_name = "foo" - predicates { - data_id = "${aws_wafregional_ipset.foo.id}" - negated = false - type = "IPMatch" - } } resource "aws_wafregional_web_acl" "foo" { @@ -126,36 +112,40 @@ resource "aws_wafregional_web_acl" "foo" { default_action { type = "ALLOW" } - rules { - action { - type = "COUNT" - } - priority = 100 - rule_id = "${aws_wafregional_rule.foo.id}" - } + rule { + action { + type = "COUNT" + } + priority = 100 + rule_id = "${aws_wafregional_rule.foo.id}" + } } resource "aws_vpc" "foo" { cidr_block = "10.1.0.0/16" } +data "aws_availability_zones" "available" {} + resource "aws_subnet" "foo" { vpc_id = "${aws_vpc.foo.id}" - cidr_block = "10.1.1.0/24" + cidr_block = "10.1.1.0/24" + availability_zone = "${data.aws_availability_zones.available.names[0]}" } resource "aws_subnet" "bar" { vpc_id = "${aws_vpc.foo.id}" - cidr_block = "10.1.2.0/24" + cidr_block = "10.1.2.0/24" + availability_zone = "${data.aws_availability_zones.available.names[1]}" } resource "aws_alb" "foo" { - subnets = ["${aws_subnet.foo.id}", "${aws_subnet.bar.id}"] + internal = true + subnets = ["${aws_subnet.foo.id}", "${aws_subnet.bar.id}"] } resource "aws_wafregional_web_acl_association" "foo" { - depends_on = ["aws_alb.foo", "aws_wafregional_web_acl.foo"] - resource_arn = "${aws_alb.foo.arn}" - web_acl_id = "${aws_wafregional_web_acl.foo.id}" + resource_arn = "${aws_alb.foo.arn}" + web_acl_id = "${aws_wafregional_web_acl.foo.id}" } ` 
diff --git a/website/docs/r/wafregional_web_acl_association.html.markdown b/website/docs/r/wafregional_web_acl_association.html.markdown index b0b445b5f45..a6d49de3cc7 100644 --- a/website/docs/r/wafregional_web_acl_association.html.markdown +++ b/website/docs/r/wafregional_web_acl_association.html.markdown @@ -6,7 +6,7 @@ description: |- Provides a resource to create an association between a WAF Regional WebACL and Application Load Balancer. --- -# aws\_wafregional\_web\_acl\_association +# aws_wafregional_web_acl_association Provides a resource to create an association between a WAF Regional WebACL and Application Load Balancer. 
@@ -18,65 +18,64 @@ Provides a resource to create an association between a WAF Regional WebACL and A resource "aws_wafregional_ipset" "ipset" { name = "tfIPSet" - ip_set_descriptors { + ip_set_descriptor { type = "IPV4" value = "192.0.7.0/24" } } -resource "aws_wafregional_rule" "wafrule" { - depends_on = ["aws_wafregional_ipset.ipset"] +resource "aws_wafregional_rule" "foo" { name = "tfWAFRule" metric_name = "tfWAFRule" - predicates { + predicate { data_id = "${aws_wafregional_ipset.ipset.id}" negated = false type = "IPMatch" } } -resource "aws_wafregional_web_acl" "wafacl" { - depends_on = ["aws_wafregional_ipset.ipset", "aws_wafregional_rule.wafrule"] - name = "tfWebACL" - metric_name = "tfWebACL" - +resource "aws_wafregional_web_acl" "foo" { + name = "foo" + metric_name = "foo" default_action { type = "ALLOW" } - - rules { + rule { action { - type = "BLOCK" + type = "BLOCK" } - priority = 1 - rule_id = "${aws_wafregional_rule.wafrule.id}" + rule_id = "${aws_wafregional_rule.foo.id}" } } -resource "aws_vpc" "main" { +resource "aws_vpc" "foo" { cidr_block = "10.1.0.0/16" } +data "aws_availability_zones" "available" {} + resource "aws_subnet" "foo" { - vpc_id = "${aws_vpc.main.id}" - cidr_block = "10.1.1.0/24" + vpc_id = "${aws_vpc.foo.id}" + cidr_block = "10.1.1.0/24" + availability_zone = "${data.aws_availability_zones.available.names[0]}" } resource "aws_subnet" "bar" { - vpc_id = "${aws_vpc.main.id}" - cidr_block = "10.1.2.0/24" + vpc_id = "${aws_vpc.foo.id}" + cidr_block = "10.1.2.0/24" + availability_zone = "${data.aws_availability_zones.available.names[1]}" } -resource "aws_alb" "alb" { - subnets = ["${aws_subnet.foo.id}", "${aws_subnet.bar.id}"] +resource "aws_alb" "foo" { + internal = true + subnets = ["${aws_subnet.foo.id}", "${aws_subnet.bar.id}"] } -resource "aws_wafregional_web_acl_association" "wafassociation" { - depends_on = ["aws_alb.alb", "aws_wafregional_web_acl.wafacl"] - web_acl_id = "${aws_wafregional_web_acl.wafacl.id}" - resource_arn = 
"${aws_alb.alb.arn}" +resource "aws_wafregional_web_acl_association" "foo" { + resource_arn = "${aws_alb.foo.arn}" + web_acl_id = "${aws_wafregional_web_acl.foo.id}" } ``` From b74a955225d165472e17516622d5f35fe52984bf Mon Sep 17 00:00:00 2001 From: pvanbuijtene Date: Thu, 22 Mar 2018 21:16:26 +0100 Subject: [PATCH 6/8] Test with multiple associations --- ...ws_wafregional_web_acl_association_test.go | 42 +++++++++++++++---- 1 file changed, 34 insertions(+), 8 deletions(-) diff --git a/aws/resource_aws_wafregional_web_acl_association_test.go b/aws/resource_aws_wafregional_web_acl_association_test.go index f8b53aa7cc0..e8e08439613 100644 --- a/aws/resource_aws_wafregional_web_acl_association_test.go +++ b/aws/resource_aws_wafregional_web_acl_association_test.go 
@@ -9,22 +9,36 @@ import ( "github.com/hashicorp/terraform/terraform" "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/waf" "github.com/aws/aws-sdk-go/service/wafregional" ) func TestAccAWSWafRegionalWebAclAssociation_basic(t *testing.T) { - var webAcl waf.WebACL + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckWafRegionalWebAclAssociationDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccCheckWafRegionalWebAclAssociationConfig_basic, + Check: resource.ComposeTestCheckFunc( + testAccCheckWafRegionalWebAclAssociationExists("aws_wafregional_web_acl_association.foo"), + ), + }, + }, + }) +} +func TestAccAWSWafRegionalWebAclAssociation_multipleAssociations(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, CheckDestroy: testAccCheckWafRegionalWebAclAssociationDestroy, Steps: []resource.TestStep{ resource.TestStep{ - Config: testAccCheckWafRegionalWebAclAssociationConfig, + Config: testAccCheckWafRegionalWebAclAssociationConfig_multipleAssociations, Check: resource.ComposeTestCheckFunc( - testAccCheckWafRegionalWebAclAssociationExists("aws_wafregional_web_acl_association.foo", &webAcl), + testAccCheckWafRegionalWebAclAssociationExists("aws_wafregional_web_acl_association.foo"), + testAccCheckWafRegionalWebAclAssociationExists("aws_wafregional_web_acl_association.bar"), ), }, }, 
@@ -61,13 +75,13 @@ func testAccCheckWafRegionalWebAclAssociationDestroyWithProvider(s *terraform.St return nil } -func testAccCheckWafRegionalWebAclAssociationExists(n string, webAcl *waf.WebACL) resource.TestCheckFunc { +func testAccCheckWafRegionalWebAclAssociationExists(n string) resource.TestCheckFunc { return func(s *terraform.State) error { - return testAccCheckWafRegionalWebAclAssociationExistsWithProvider(s, n, webAcl, testAccProvider) + return testAccCheckWafRegionalWebAclAssociationExistsWithProvider(s, n, testAccProvider) } } -func testAccCheckWafRegionalWebAclAssociationExistsWithProvider(s *terraform.State, n string, webAcl *waf.WebACL, provider *schema.Provider) error { +func testAccCheckWafRegionalWebAclAssociationExistsWithProvider(s *terraform.State, n string, provider *schema.Provider) error { rs, ok := s.RootModule().Resources[n] if !ok { return fmt.Errorf("Not found: %s", n) @@ -100,7 +114,7 @@ func testAccCheckWafRegionalWebAclAssociationExistsWithProvider(s *terraform.Sta return nil } -const testAccCheckWafRegionalWebAclAssociationConfig = ` +const testAccCheckWafRegionalWebAclAssociationConfig_basic = ` resource "aws_wafregional_rule" "foo" { name = "foo" metric_name = "foo" @@ -149,3 +163,15 @@ resource "aws_wafregional_web_acl_association" "foo" { web_acl_id = "${aws_wafregional_web_acl.foo.id}" } ` + +const testAccCheckWafRegionalWebAclAssociationConfig_multipleAssociations = testAccCheckWafRegionalWebAclAssociationConfig_basic + ` +resource "aws_alb" "bar" { + internal = true + subnets = ["${aws_subnet.foo.id}", "${aws_subnet.bar.id}"] +} + +resource "aws_wafregional_web_acl_association" "bar" { + resource_arn = "${aws_alb.bar.arn}" + web_acl_id = "${aws_wafregional_web_acl.foo.id}" +} +` From 1757927713d3eb2b66957211c77100dd66efd3da Mon Sep 17 00:00:00 2001 
From: Radek Simko Date: Fri, 23 Mar 2018 07:12:07 +0000 Subject: [PATCH 7/8] Order items in sidebar alphabetically --- website/aws.erb | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/website/aws.erb b/website/aws.erb index 708958fbb09..4b53b411a60 100644 --- a/website/aws.erb +++ b/website/aws.erb @@ -1531,13 +1531,14 @@ aws_wafregional_web_acl - > - aws_wafregional_xss_match_set - - > aws_wafregional_web_acl_association + + > + aws_wafregional_xss_match_set + + From ba79fde5647a29361fb6b510cd4ffe9e3f5bb149 Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Fri, 23 Mar 2018 07:14:01 +0000 Subject: [PATCH 8/8] Fix indentation in example + test --- aws/resource_aws_wafregional_web_acl_association_test.go | 6 +++--- .../docs/r/wafregional_web_acl_association.html.markdown | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/aws/resource_aws_wafregional_web_acl_association_test.go b/aws/resource_aws_wafregional_web_acl_association_test.go index e8e08439613..c92a2db55d2 100644 --- a/aws/resource_aws_wafregional_web_acl_association_test.go +++ b/aws/resource_aws_wafregional_web_acl_association_test.go @@ -136,19 +136,19 @@ resource "aws_wafregional_web_acl" "foo" { } resource "aws_vpc" "foo" { - cidr_block = "10.1.0.0/16" + cidr_block = "10.1.0.0/16" } data "aws_availability_zones" "available" {} resource "aws_subnet" "foo" { - vpc_id = "${aws_vpc.foo.id}" + vpc_id = "${aws_vpc.foo.id}" cidr_block = "10.1.1.0/24" availability_zone = "${data.aws_availability_zones.available.names[0]}" } resource "aws_subnet" "bar" { - vpc_id = "${aws_vpc.foo.id}" + vpc_id = "${aws_vpc.foo.id}" cidr_block = "10.1.2.0/24" availability_zone = "${data.aws_availability_zones.available.names[1]}" } diff --git a/website/docs/r/wafregional_web_acl_association.html.markdown b/website/docs/r/wafregional_web_acl_association.html.markdown index a6d49de3cc7..6e2a7e420b0 100644 --- a/website/docs/r/wafregional_web_acl_association.html.markdown 
+++ b/website/docs/r/wafregional_web_acl_association.html.markdown @@ -51,19 +51,19 @@ resource "aws_wafregional_web_acl" "foo" { } resource "aws_vpc" "foo" { - cidr_block = "10.1.0.0/16" + cidr_block = "10.1.0.0/16" } data "aws_availability_zones" "available" {} resource "aws_subnet" "foo" { - vpc_id = "${aws_vpc.foo.id}" + vpc_id = "${aws_vpc.foo.id}" cidr_block = "10.1.1.0/24" availability_zone = "${data.aws_availability_zones.available.names[0]}" } resource "aws_subnet" "bar" { - vpc_id = "${aws_vpc.foo.id}" + vpc_id = "${aws_vpc.foo.id}" cidr_block = "10.1.2.0/24" availability_zone = "${data.aws_availability_zones.available.names[1]}" }