From f95d11256ed02ac37e1ea77a84522727784fe0b9 Mon Sep 17 00:00:00 2001
From: Danniel Magno
Date: Mon, 3 Jul 2017 16:50:37 -0300
Subject: [PATCH 1/9] Add support for aws_wafregional_rule
---
 aws/provider.go | 1 +
 aws/resource_aws_wafregional_rule.go | 193 ++++++++++++++
 aws/resource_aws_wafregional_rule_test.go | 244 ++++++++++++++++++
 website/aws.erb | 4 +
 website/docs/r/wafregional_rule.html.markdown | 50 ++++
 5 files changed, 492 insertions(+)
 create mode 100644 aws/resource_aws_wafregional_rule.go
 create mode 100644 aws/resource_aws_wafregional_rule_test.go
 create mode 100644 website/docs/r/wafregional_rule.html.markdown
diff --git a/aws/provider.go b/aws/provider.go
index edc26a51f80..09fd56188bb 100644
--- a/aws/provider.go
+++ b/aws/provider.go
@@ -556,6 +556,7 @@ func Provider() terraform.ResourceProvider {
 "aws_wafregional_byte_match_set": resourceAwsWafRegionalByteMatchSet(),
 "aws_wafregional_ipset": resourceAwsWafRegionalIPSet(),
 "aws_wafregional_xss_match_set": resourceAwsWafRegionalXssMatchSet(),
+ "aws_wafregional_rule": resourceAwsWafRegionalRule(),
 "aws_batch_compute_environment": resourceAwsBatchComputeEnvironment(),
 "aws_batch_job_definition": resourceAwsBatchJobDefinition(),
 "aws_batch_job_queue": resourceAwsBatchJobQueue(),
diff --git a/aws/resource_aws_wafregional_rule.go b/aws/resource_aws_wafregional_rule.go
new file mode 100644
index 00000000000..b63a84f3bd3
--- /dev/null
+++ b/aws/resource_aws_wafregional_rule.go
@@ -0,0 +1,193 @@
+package aws
+
+import (
+ "fmt"
+ "log"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/service/waf"
+ "github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsWafRegionalRule() *schema.Resource {
+ return &schema.Resource{
+ Create: resourceAwsWafRegionalRuleCreate,
+ Read: resourceAwsWafRegionalRuleRead,
+ Update: resourceAwsWafRegionalRuleUpdate,
+ Delete: resourceAwsWafRegionalRuleDelete,
+
+ Schema: map[string]*schema.Schema{
+ "name": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ "metric_name": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ "predicates": &schema.Schema{
+ Type: schema.TypeSet,
+ Optional: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "negated": &schema.Schema{
+ Type: schema.TypeBool,
+ Required: true,
+ },
+ "data_id": &schema.Schema{
+ Type: schema.TypeString,
+ Optional: true,
+ ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
+ value := v.(string)
+ if len(value) > 128 {
+ errors = append(errors, fmt.Errorf(
+ "%q cannot be longer than 128 characters", k))
+ }
+ return
+ },
+ },
+ "type": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
+ value := v.(string)
+ if value != "IPMatch" && value != "ByteMatch" && value != "SqlInjectionMatch" && value != "SizeConstraint" && value != "XssMatch" {
+ errors = append(errors, fmt.Errorf(
+ "%q must be one of IPMatch | ByteMatch | SqlInjectionMatch | SizeConstraint | XssMatch", k))
+ }
+ return
+ },
+ },
+ },
+ },
+ },
+ },
+ }
+}
+
+func resourceAwsWafRegionalRuleCreate(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+ region := meta.(*AWSClient).region
+
+ wr := newWafRegionalRetryer(conn, region)
+ out, err := wr.RetryWithToken(func(token *string) (interface{}, error) {
+ params := &waf.CreateRuleInput{
+ ChangeToken: token,
+ MetricName: aws.String(d.Get("metric_name").(string)),
+ Name: aws.String(d.Get("name").(string)),
+ }
+
+ return conn.CreateRule(params)
+ })
+ if err != nil {
+ return err
+ }
+ resp := out.(*waf.CreateRuleOutput)
+ d.SetId(*resp.Rule.RuleId)
+ return resourceAwsWafRegionalRuleUpdate(d, meta)
+}
+
+func resourceAwsWafRegionalRuleRead(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+
+ params := &waf.GetRuleInput{
+ RuleId: aws.String(d.Id()),
+ }
+
+ resp, err := conn.GetRule(params)
+ if err != nil {
+ if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "WAFNonexistentItemException" {
+ log.Printf("[WARN] WAF Rule (%s) not found, error code (404)", d.Id())
+ d.SetId("")
+ return nil
+ }
+
+ return err
+ }
+
+ var predicates []map[string]interface{}
+
+ for _, predicateSet := range resp.Rule.Predicates {
+ predicate := map[string]interface{}{
+ "negated": *predicateSet.Negated,
+ "type": *predicateSet.Type,
+ "data_id": *predicateSet.DataId,
+ }
+ predicates = append(predicates, predicate)
+ }
+
+ d.Set("predicates", predicates)
+ d.Set("name", resp.Rule.Name)
+ d.Set("metric_name", resp.Rule.MetricName)
+
+ return nil
+}
+
+func resourceAwsWafRegionalRuleUpdate(d *schema.ResourceData, meta interface{}) error {
+ err := updateWafRegionalRuleResource(d, meta, waf.ChangeActionInsert)
+ if err != nil {
+ return fmt.Errorf("Error Updating WAF Rule: %s", err)
+ }
+ return resourceAwsWafRegionalRuleRead(d, meta)
+}
+
+func resourceAwsWafRegionalRuleDelete(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).wafregionalconn
+ region := meta.(*AWSClient).region
+
+ err := updateWafRegionalRuleResource(d, meta, waf.ChangeActionDelete)
+ if err != nil {
+ return fmt.Errorf("Error Removing WAF Rule Predicates: %s", err)
+ }
+ wr := newWafRegionalRetryer(conn, region)
+ _, err = wr.RetryWithToken(func(token *string) (interface{}, error) {
+ req := &waf.DeleteRuleInput{
+ ChangeToken: token,
+ RuleId: aws.String(d.Id()),
+ }
+ log.Printf("[INFO] Deleting WAF Rule")
+ return conn.DeleteRule(req)
+ })
+ if err != nil {
+ return fmt.Errorf("Error deleting WAF Rule: %s", err)
+ }
+
+ return nil
+}
+
+func updateWafRegionalRuleResource(d *schema.ResourceData, meta interface{}, ChangeAction string) error {
+ conn := meta.(*AWSClient).wafregionalconn
+ region := meta.(*AWSClient).region
+
+ wr := newWafRegionalRetryer(conn, region)
+ _, err := wr.RetryWithToken(func(token *string) (interface{}, error) {
+ req := &waf.UpdateRuleInput{
+ ChangeToken: token,
+ RuleId: aws.String(d.Id()),
+ }
+
+ predicatesSet := d.Get("predicates").(*schema.Set)
+ for _, predicateI := range predicatesSet.List() {
+ predicate := predicateI.(map[string]interface{})
+ updatePredicate := &waf.RuleUpdate{
+ Action: aws.String(ChangeAction),
+ Predicate: &waf.Predicate{
+ Negated: aws.Bool(predicate["negated"].(bool)),
+ Type: aws.String(predicate["type"].(string)),
+ DataId: aws.String(predicate["data_id"].(string)),
+ },
+ }
+ req.Updates = append(req.Updates, updatePredicate)
+ }
+
+ return conn.UpdateRule(req)
+ })
+ if err != nil {
+ return fmt.Errorf("Error Updating WAF Rule: %s", err)
+ }
+
+ return nil
+}
diff --git a/aws/resource_aws_wafregional_rule_test.go b/aws/resource_aws_wafregional_rule_test.go
new file mode 100644
index 00000000000..04fac7b9847
--- /dev/null
+++ b/aws/resource_aws_wafregional_rule_test.go
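Review bot: In the `predicates` schema `data_id` is declared `Optional: true`, yet updateWafRegionalRuleResource sends `DataId: aws.String(predicate["data_id"].(string))` for every predicate, so a block that omits it submits an empty identifier and the validator only bounds the upper length. A predicate that names no match set cannot express the filter its author meant, so I would declare it `Required: true`; the later "Use helpers" hunk swaps in `validation.StringLenBetween(1, 128)` but keeps the field optional. Separately, resourceAwsWafRegionalRuleRead dereferences `*predicateSet.Negated`, `*predicateSet.Type` and `*predicateSet.DataId` without nil checks and drops the error from `d.Set("predicates", predicates)`; `aws.BoolValue`/`aws.StringValue` and a checked `d.Set` would keep a sparse response from panicking or leaving state out of step with the rule actually in force. The same dereferences are carried into flattenWafPredicates by the "Use flatten func" commit.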
@@ -0,0 +1,244 @@ +package aws + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/service/waf" + "github.com/hashicorp/terraform/helper/acctest" +) + +func TestAccAWSWafRegionalRule_basic(t *testing.T) { + var v waf.Rule + wafRuleName := fmt.Sprintf("wafrule%s", acctest.RandString(5)) + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSWafRegionalRuleDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccAWSWafRegionalRuleConfig(wafRuleName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSWafRegionalRuleExists("aws_wafregional_rule.wafrule", &v), + resource.TestCheckResourceAttr( + "aws_wafregional_rule.wafrule", "name", wafRuleName), + resource.TestCheckResourceAttr( + "aws_wafregional_rule.wafrule", "predicates.#", "1"), + resource.TestCheckResourceAttr( + "aws_wafregional_rule.wafrule", "metric_name", wafRuleName), + ), + }, + }, + }) +} + +func TestAccAWSWafRegionalRule_changeNameForceNew(t *testing.T) { + var before, after waf.Rule + wafRuleName := fmt.Sprintf("wafrule%s", acctest.RandString(5)) + wafRuleNewName := fmt.Sprintf("wafrulenew%s", acctest.RandString(5)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSWafRegionalIPSetDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSWafRegionalRuleConfig(wafRuleName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSWafRegionalRuleExists("aws_wafregional_rule.wafrule", &before), + resource.TestCheckResourceAttr( + "aws_wafregional_rule.wafrule", "name", wafRuleName), + resource.TestCheckResourceAttr( + "aws_wafregional_rule.wafrule", "predicates.#", "1"), + resource.TestCheckResourceAttr( + 
"aws_wafregional_rule.wafrule", "metric_name", wafRuleName), + ), + }, + { + Config: testAccAWSWafRegionalRuleConfigChangeName(wafRuleNewName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSWafRegionalRuleExists("aws_wafregional_rule.wafrule", &after), + resource.TestCheckResourceAttr( + "aws_wafregional_rule.wafrule", "name", wafRuleNewName), + resource.TestCheckResourceAttr( + "aws_wafregional_rule.wafrule", "predicates.#", "1"), + resource.TestCheckResourceAttr( + "aws_wafregional_rule.wafrule", "metric_name", wafRuleNewName), + ), + }, + }, + }) +} + +func TestAccAWSWafRegionalRule_disappears(t *testing.T) { + var v waf.Rule + wafRuleName := fmt.Sprintf("wafrule%s", acctest.RandString(5)) + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSWafRegionalRuleDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSWafRegionalRuleConfig(wafRuleName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSWafRegionalRuleExists("aws_wafregional_rule.wafrule", &v), + testAccCheckAWSWafRegionalRuleDisappears(&v), + ), + ExpectNonEmptyPlan: true, + }, + }, + }) +} + +func testAccCheckAWSWafRegionalRuleDisappears(v *waf.Rule) resource.TestCheckFunc { + return func(s *terraform.State) error { + conn := testAccProvider.Meta().(*AWSClient).wafregionalconn + region := testAccProvider.Meta().(*AWSClient).region + + wr := newWafRegionalRetryer(conn, region) + _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { + req := &waf.UpdateRuleInput{ + ChangeToken: token, + RuleId: v.RuleId, + } + + for _, Predicate := range v.Predicates { + Predicate := &waf.RuleUpdate{ + Action: aws.String("DELETE"), + Predicate: &waf.Predicate{ + Negated: Predicate.Negated, + Type: Predicate.Type, + DataId: Predicate.DataId, + }, + } + req.Updates = append(req.Updates, Predicate) + } + + return conn.UpdateRule(req) + }) + if err != nil { + return fmt.Errorf("Error Updating 
WAF Rule: %s", err) + } + + _, err = wr.RetryWithToken(func(token *string) (interface{}, error) { + opts := &waf.DeleteRuleInput{ + ChangeToken: token, + RuleId: v.RuleId, + } + return conn.DeleteRule(opts) + }) + if err != nil { + return fmt.Errorf("Error Deleting WAF Rule: %s", err) + } + return nil + } +} + +func testAccCheckAWSWafRegionalRuleDestroy(s *terraform.State) error { + for _, rs := range s.RootModule().Resources { + if rs.Type != "aws_wafregional_rule" { + continue + } + + conn := testAccProvider.Meta().(*AWSClient).wafregionalconn + resp, err := conn.GetRule( + &waf.GetRuleInput{ + RuleId: aws.String(rs.Primary.ID), + }) + + if err == nil { + if *resp.Rule.RuleId == rs.Primary.ID { + return fmt.Errorf("WAF Rule %s still exists", rs.Primary.ID) + } + } + + // Return nil if the Rule is already destroyed + if awsErr, ok := err.(awserr.Error); ok { + if awsErr.Code() == "WAFNonexistentItemException" { + return nil + } + } + + return err + } + + return nil +} + +func testAccCheckAWSWafRegionalRuleExists(n string, v *waf.Rule) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not found: %s", n) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("No WAF Rule ID is set") + } + + conn := testAccProvider.Meta().(*AWSClient).wafregionalconn + resp, err := conn.GetRule(&waf.GetRuleInput{ + RuleId: aws.String(rs.Primary.ID), + }) + + if err != nil { + return err + } + + if *resp.Rule.RuleId == rs.Primary.ID { + *v = *resp.Rule + return nil + } + + return fmt.Errorf("WAF Rule (%s) not found", rs.Primary.ID) + } +} + +func testAccAWSWafRegionalRuleConfig(name string) string { + return fmt.Sprintf(` +resource "aws_wafregional_ipset" "ipset" { + name = "%s" + ip_set_descriptors { + type = "IPV4" + value = "192.0.7.0/24" + } +} + +resource "aws_wafregional_rule" "wafrule" { + depends_on = ["aws_wafregional_ipset.ipset"] + name = "%s" + metric_name = "%s" + predicates { + data_id 
= "${aws_wafregional_ipset.ipset.id}" + negated = false + type = "IPMatch" + } +}`, name, name, name) +} + +func testAccAWSWafRegionalRuleConfigChangeName(name string) string { + return fmt.Sprintf(` +resource "aws_wafregional_ipset" "ipset" { + name = "%s" + ip_set_descriptors { + type = "IPV4" + value = "192.0.7.0/24" + } +} + +resource "aws_wafregional_rule" "wafrule" { + depends_on = ["aws_wafregional_ipset.ipset"] + name = "%s" + metric_name = "%s" + predicates { + data_id = "${aws_wafregional_ipset.ipset.id}" + negated = false + type = "IPMatch" + } +}`, name, name, name) +} diff --git a/website/aws.erb b/website/aws.erb index d4822a87659..89790bc0684 100644 --- a/website/aws.erb +++ b/website/aws.erb @@ -1515,6 +1515,10 @@ aws_wafregional_xss_match_set + > + aws_wafregional_rule + + diff --git a/website/docs/r/wafregional_rule.html.markdown b/website/docs/r/wafregional_rule.html.markdown new file mode 100644 index 00000000000..97f8325ef25 --- /dev/null +++ b/website/docs/r/wafregional_rule.html.markdown 
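Review bot: TestAccAWSWafRegionalRule_changeNameForceNew is wired to `CheckDestroy: testAccCheckAWSWafRegionalIPSetDestroy`, so the test never verifies that the rule itself was removed; it should read `CheckDestroy: testAccCheckAWSWafRegionalRuleDestroy,` like the other two tests. That test also fills `before` and `after` but never compares them, so the replacement its name promises is not asserted. In testAccCheckAWSWafRegionalRuleDestroy both `return nil` and the final `return err` sit inside the loop, so only the first `aws_wafregional_rule` in state is inspected; using `continue` on the nonexistent-item code and returning only a non-nil `err` would cover every rule. The two config helpers are byte-for-byte identical apart from their names, so one of them could go.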
@@ -0,0 +1,50 @@
+---
+layout: "aws"
+page_title: "AWS: wafregional_rule"
+sidebar_current: "docs-aws-resource-wafregional-rule"
+description: |-
+ Provides a AWS WAF Regional rule resource for use with ALB.
+---
+
+# aws\_wafregional\_rule
+
+Provides a WAF Regional Rule Resource for use with Application Load Balancer.
+
+## Example Usage
+
+```
+resource "aws_wafregional_ipset" "ipset" {
+ name = "tfIPSet"
+ ip_set_descriptors {
+ type = "IPV4"
+ value = "192.0.7.0/24"
+ }
+}
+
+resource "aws_wafregional_rule" "wafrule" {
+ depends_on = ["aws_wafregional_ipset.ipset"]
+ name = "tfWAFRule"
+ metric_name = "tfWAFRule"
+ predicates {
+ data_id = "${aws_wafregional_ipset.ipset.id}"
+ negated = false
+ type = "IPMatch"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `metric_name` - (Required) The name or description for the Amazon CloudWatch metric of this rule.
+* `name` - (Required) The name or description of the rule.
+* `predicates` - (Optional) The ByteMatchSet, IPSet, SizeConstraintSet, SqlInjectionMatchSet, or XssMatchSet objects to include in a rule.
+
+## Remarks
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The ID of the WAF rule.
From 5a4204564dadc934ad63cdbee1e0b2fdeb0d2950 Mon Sep 17 00:00:00 2001
From: Brad Sickles
Date: Tue, 30 Jan 2018 09:42:54 -0500
Subject: [PATCH 2/9] Updating docs
---
 website/docs/r/wafregional_rule.html.markdown | 26 ++++++++++++++-----
 1 file changed, 20 insertions(+), 6 deletions(-)
diff --git a/website/docs/r/wafregional_rule.html.markdown b/website/docs/r/wafregional_rule.html.markdown
index 97f8325ef25..c0bfcc49dd0 100644
--- a/website/docs/r/wafregional_rule.html.markdown
+++ b/website/docs/r/wafregional_rule.html.markdown
@@ -12,23 +12,25 @@ Provides a WAF Regional Rule Resource for use with Application Load Balancer. ## Example Usage -``` +```hcl resource "aws_wafregional_ipset" "ipset" { name = "tfIPSet" + ip_set_descriptors { - type = "IPV4" + type = "IPV4" value = "192.0.7.0/24" } } resource "aws_wafregional_rule" "wafrule" { - depends_on = ["aws_wafregional_ipset.ipset"] - name = "tfWAFRule" + depends_on = ["aws_wafregional_ipset.ipset"] + name = "tfWAFRule" metric_name = "tfWAFRule" + predicates { + type = "IPMatch" data_id = "${aws_wafregional_ipset.ipset.id}" negated = false - type = "IPMatch" } } ``` @@ -37,10 +39,22 @@ resource "aws_wafregional_rule" "wafrule" { The following arguments are supported: -* `metric_name` - (Required) The name or description for the Amazon CloudWatch metric of this rule. * `name` - (Required) The name or description of the rule. +* `metric_name` - (Required) The name or description for the Amazon CloudWatch metric of this rule. * `predicates` - (Optional) The ByteMatchSet, IPSet, SizeConstraintSet, SqlInjectionMatchSet, or XssMatchSet objects to include in a rule. +## Nested Blocks + +### `predicates` + +See [dcos](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafregional-rule-predicates.html) + +#### Arguments + +* `type` - (Required) The type of predicate in a rule, such as an IPSet (IPMatch) +* `data_id` - (Required) The unique identifier of a predicate, such as the ID of a ByteMatchSet or IPSet. +* `negated` - (Required) Whether to use the settings or the negated settings that you specified in the `ByteMatchSet`, `IPSet`, `SizeConstraintSet`, `SqlInjectionMatchSet`, or `XssMatchSet` objects. + ## Remarks ## Attributes Reference From cc2d84cad370bb43ba11d00a32306e7100bb51e4 Mon Sep 17 00:00:00 2001 
From: pvanbuijtene Date: Thu, 15 Mar 2018 21:25:36 +0100 Subject: [PATCH 3/9] Use singular name for predicate field --- aws/resource_aws_wafregional_rule.go | 6 +++--- aws/resource_aws_wafregional_rule_test.go | 20 ++++++++++--------- website/docs/r/wafregional_rule.html.markdown | 17 ++++++++-------- 3 files changed, 22 insertions(+), 21 deletions(-) diff --git a/aws/resource_aws_wafregional_rule.go b/aws/resource_aws_wafregional_rule.go index b63a84f3bd3..626ba6ccc2d 100644 --- a/aws/resource_aws_wafregional_rule.go +++ b/aws/resource_aws_wafregional_rule.go @@ -28,7 +28,7 @@ func resourceAwsWafRegionalRule() *schema.Resource { Required: true, ForceNew: true, }, - "predicates": &schema.Schema{ + "predicate": &schema.Schema{ Type: schema.TypeSet, Optional: true, Elem: &schema.Resource{ @@ -119,7 +119,7 @@ func resourceAwsWafRegionalRuleRead(d *schema.ResourceData, meta interface{}) er predicates = append(predicates, predicate) } - d.Set("predicates", predicates) + d.Set("predicate", predicates) d.Set("name", resp.Rule.Name) d.Set("metric_name", resp.Rule.MetricName) @@ -169,7 +169,7 @@ func updateWafRegionalRuleResource(d *schema.ResourceData, meta interface{}, Cha RuleId: aws.String(d.Id()), } - predicatesSet := d.Get("predicates").(*schema.Set) + predicatesSet := d.Get("predicate").(*schema.Set) for _, predicateI := range predicatesSet.List() { predicate := predicateI.(map[string]interface{}) updatePredicate := &waf.RuleUpdate{ diff --git a/aws/resource_aws_wafregional_rule_test.go b/aws/resource_aws_wafregional_rule_test.go index 04fac7b9847..c886a8f8f30 100644 --- a/aws/resource_aws_wafregional_rule_test.go +++ b/aws/resource_aws_wafregional_rule_test.go 
@@ -28,7 +28,7 @@ func TestAccAWSWafRegionalRule_basic(t *testing.T) { resource.TestCheckResourceAttr( "aws_wafregional_rule.wafrule", "name", wafRuleName), resource.TestCheckResourceAttr( - "aws_wafregional_rule.wafrule", "predicates.#", "1"), + "aws_wafregional_rule.wafrule", "predicate.#", "1"), resource.TestCheckResourceAttr( "aws_wafregional_rule.wafrule", "metric_name", wafRuleName), ), @@ -54,7 +54,7 @@ func TestAccAWSWafRegionalRule_changeNameForceNew(t *testing.T) { resource.TestCheckResourceAttr( "aws_wafregional_rule.wafrule", "name", wafRuleName), resource.TestCheckResourceAttr( - "aws_wafregional_rule.wafrule", "predicates.#", "1"), + "aws_wafregional_rule.wafrule", "predicate.#", "1"), resource.TestCheckResourceAttr( "aws_wafregional_rule.wafrule", "metric_name", wafRuleName), ), @@ -66,7 +66,7 @@ func TestAccAWSWafRegionalRule_changeNameForceNew(t *testing.T) { resource.TestCheckResourceAttr( "aws_wafregional_rule.wafrule", "name", wafRuleNewName), resource.TestCheckResourceAttr( - "aws_wafregional_rule.wafrule", "predicates.#", "1"), + "aws_wafregional_rule.wafrule", "predicate.#", "1"), resource.TestCheckResourceAttr( "aws_wafregional_rule.wafrule", "metric_name", wafRuleNewName), ), @@ -203,17 +203,18 @@ func testAccAWSWafRegionalRuleConfig(name string) string { return fmt.Sprintf(` resource "aws_wafregional_ipset" "ipset" { name = "%s" - ip_set_descriptors { + + ip_set_descriptor { type = "IPV4" value = "192.0.7.0/24" } } resource "aws_wafregional_rule" "wafrule" { - depends_on = ["aws_wafregional_ipset.ipset"] name = "%s" metric_name = "%s" - predicates { + + predicate { data_id = "${aws_wafregional_ipset.ipset.id}" negated = false type = "IPMatch" 
@@ -225,17 +226,18 @@ func testAccAWSWafRegionalRuleConfigChangeName(name string) string { return fmt.Sprintf(` resource "aws_wafregional_ipset" "ipset" { name = "%s" - ip_set_descriptors { + + ip_set_descriptor { type = "IPV4" value = "192.0.7.0/24" } } resource "aws_wafregional_rule" "wafrule" { - depends_on = ["aws_wafregional_ipset.ipset"] name = "%s" metric_name = "%s" - predicates { + + predicate { data_id = "${aws_wafregional_ipset.ipset.id}" negated = false type = "IPMatch" diff --git a/website/docs/r/wafregional_rule.html.markdown b/website/docs/r/wafregional_rule.html.markdown index c0bfcc49dd0..f00ced86de8 100644 --- a/website/docs/r/wafregional_rule.html.markdown +++ b/website/docs/r/wafregional_rule.html.markdown @@ -3,12 +3,12 @@ layout: "aws" page_title: "AWS: wafregional_rule" sidebar_current: "docs-aws-resource-wafregional-rule" description: |- - Provides a AWS WAF Regional rule resource for use with ALB. + Provides an AWS WAF Regional rule resource for use with ALB. --- # aws\_wafregional\_rule -Provides a WAF Regional Rule Resource for use with Application Load Balancer. +Provides an WAF Regional Rule Resource for use with Application Load Balancer. ## Example Usage @@ -16,18 +16,17 @@ Provides a WAF Regional Rule Resource for use with Application Load Balancer. resource "aws_wafregional_ipset" "ipset" { name = "tfIPSet" - ip_set_descriptors { + ip_set_descriptor { type = "IPV4" value = "192.0.7.0/24" } } resource "aws_wafregional_rule" "wafrule" { - depends_on = ["aws_wafregional_ipset.ipset"] name = "tfWAFRule" metric_name = "tfWAFRule" - predicates { + predicate { type = "IPMatch" data_id = "${aws_wafregional_ipset.ipset.id}" negated = false 
@@ -41,13 +40,13 @@ The following arguments are supported: * `name` - (Required) The name or description of the rule. * `metric_name` - (Required) The name or description for the Amazon CloudWatch metric of this rule. -* `predicates` - (Optional) The ByteMatchSet, IPSet, SizeConstraintSet, SqlInjectionMatchSet, or XssMatchSet objects to include in a rule. +* `predicate` - (Optional) The ByteMatchSet, IPSet, SizeConstraintSet, SqlInjectionMatchSet, or XssMatchSet objects to include in a rule. -## Nested Blocks +## Nested Fields -### `predicates` +### `predicate` -See [dcos](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafregional-rule-predicates.html) +See [docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafregional-rule-predicates.html) #### Arguments From 61478f27bce4dd55010e59a55a531f4f46745efb Mon Sep 17 00:00:00 2001 From: pvanbuijtene Date: Thu, 15 Mar 2018 21:52:54 +0100 Subject: [PATCH 4/9] Use helpers --- aws/resource_aws_wafregional_rule.go | 34 ++++++++++------------- aws/resource_aws_wafregional_rule_test.go | 4 ++- 2 files changed, 17 insertions(+), 21 deletions(-) diff --git a/aws/resource_aws_wafregional_rule.go b/aws/resource_aws_wafregional_rule.go index 626ba6ccc2d..d4f8fd9d921 100644 --- a/aws/resource_aws_wafregional_rule.go +++ b/aws/resource_aws_wafregional_rule.go @@ -4,10 +4,12 @@ import ( "fmt" "log" + "github.com/aws/aws-sdk-go/service/wafregional" + "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/service/waf" "github.com/hashicorp/terraform/helper/schema" + "github.com/hashicorp/terraform/helper/validation" ) func resourceAwsWafRegionalRule() *schema.Resource { 
@@ -38,28 +40,20 @@ func resourceAwsWafRegionalRule() *schema.Resource { Required: true, }, "data_id": &schema.Schema{ - Type: schema.TypeString, - Optional: true, - ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) { - value := v.(string) - if len(value) > 128 { - errors = append(errors, fmt.Errorf( - "%q cannot be longer than 128 characters", k)) - } - return - }, + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringLenBetween(1, 128), }, "type": &schema.Schema{ Type: schema.TypeString, Required: true, - ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) { - value := v.(string) - if value != "IPMatch" && value != "ByteMatch" && value != "SqlInjectionMatch" && value != "SizeConstraint" && value != "XssMatch" { - errors = append(errors, fmt.Errorf( - "%q must be one of IPMatch | ByteMatch | SqlInjectionMatch | SizeConstraint | XssMatch", k)) - } - return - }, + ValidateFunc: validation.StringInSlice([]string{ + "IPMatch", + "ByteMatch", + "SqlInjectionMatch", + "SizeConstraint", + "XssMatch", + }, false), }, }, }, @@ -99,7 +93,7 @@ func resourceAwsWafRegionalRuleRead(d *schema.ResourceData, meta interface{}) er resp, err := conn.GetRule(params) if err != nil { - if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "WAFNonexistentItemException" { + if isAWSErr(err, wafregional.ErrCodeWAFNonexistentItemException, "") { log.Printf("[WARN] WAF Rule (%s) not found, error code (404)", d.Id()) d.SetId("") return nil diff --git a/aws/resource_aws_wafregional_rule_test.go b/aws/resource_aws_wafregional_rule_test.go index c886a8f8f30..b3846c65c8e 100644 --- a/aws/resource_aws_wafregional_rule_test.go +++ b/aws/resource_aws_wafregional_rule_test.go @@ -4,6 +4,8 @@ import ( "fmt" "testing" + "github.com/aws/aws-sdk-go/service/wafregional" + "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" 
@@ -159,7 +161,7 @@ func testAccCheckAWSWafRegionalRuleDestroy(s *terraform.State) error { // Return nil if the Rule is already destroyed if awsErr, ok := err.(awserr.Error); ok { - if awsErr.Code() == "WAFNonexistentItemException" { + if isAWSErr(awsErr, wafregional.ErrCodeWAFNonexistentItemException, "") { return nil } } From 40b0a080752762b2625a80a0ec84caca51ccdce5 Mon Sep 17 00:00:00 2001 From: pvanbuijtene Date: Thu, 15 Mar 2018 22:23:21 +0100 Subject: [PATCH 5/9] Use flatten func --- aws/resource_aws_wafregional_rule.go | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/aws/resource_aws_wafregional_rule.go b/aws/resource_aws_wafregional_rule.go index d4f8fd9d921..02481badbf8 100644 --- a/aws/resource_aws_wafregional_rule.go +++ b/aws/resource_aws_wafregional_rule.go @@ -102,18 +102,7 @@ func resourceAwsWafRegionalRuleRead(d *schema.ResourceData, meta interface{}) er return err } - var predicates []map[string]interface{} - - for _, predicateSet := range resp.Rule.Predicates { - predicate := map[string]interface{}{ - "negated": *predicateSet.Negated, - "type": *predicateSet.Type, - "data_id": *predicateSet.DataId, - } - predicates = append(predicates, predicate) - } - - d.Set("predicate", predicates) + d.Set("predicate", flattenWafPredicates(resp.Rule.Predicates)) d.Set("name", resp.Rule.Name) d.Set("metric_name", resp.Rule.MetricName) @@ -185,3 +174,15 @@ func updateWafRegionalRuleResource(d *schema.ResourceData, meta interface{}, Cha return nil } + +func flattenWafPredicates(ts []*waf.Predicate) []interface{} { + out := make([]interface{}, len(ts), len(ts)) + for i, p := range ts { + m := make(map[string]interface{}) + m["negated"] = *p.Negated + m["type"] = *p.Type + m["data_id"] = *p.DataId + out[i] = m + } + return out +} From 210fef9704da8f122beff1f8b0ae7f03e50dcf3f Mon Sep 17 00:00:00 2001 
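Review bot: In testAccCheckAWSWafRegionalRuleDestroy the outer `if awsErr, ok := err.(awserr.Error); ok {` is now redundant, because the "Use helpers" commit already calls `isAWSErr(err, wafregional.ErrCodeWAFNonexistentItemException, "")` on a plain `error` in the resource file. Collapsing the two levels into `if isAWSErr(err, wafregional.ErrCodeWAFNonexistentItemException, "") { return nil }` matches that call, and it would presumably let the test file drop its `awserr` import if nothing outside this hunk still uses it. The enclosing function starts and ends outside the hunk.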
From: pvanbuijtene Date: Thu, 15 Mar 2018 23:27:00 +0100 Subject: [PATCH 6/9] Add test for rule without predicates --- aws/resource_aws_wafregional_rule.go | 22 ++++++++---- aws/resource_aws_wafregional_rule_test.go | 44 +++++++++++++++++++---- 2 files changed, 53 insertions(+), 13 deletions(-) diff --git a/aws/resource_aws_wafregional_rule.go b/aws/resource_aws_wafregional_rule.go index 02481badbf8..98625fbafc8 100644 --- a/aws/resource_aws_wafregional_rule.go +++ b/aws/resource_aws_wafregional_rule.go @@ -110,9 +110,11 @@ func resourceAwsWafRegionalRuleRead(d *schema.ResourceData, meta interface{}) er } func resourceAwsWafRegionalRuleUpdate(d *schema.ResourceData, meta interface{}) error { - err := updateWafRegionalRuleResource(d, meta, waf.ChangeActionInsert) - if err != nil { - return fmt.Errorf("Error Updating WAF Rule: %s", err) + if d.HasChange("predicate") { + err := updateWafRegionalRuleResource(d, meta, waf.ChangeActionInsert) + if err != nil { + return fmt.Errorf("Error Updating WAF Rule: %s", err) + } } return resourceAwsWafRegionalRuleRead(d, meta) } @@ -121,12 +123,18 @@ func resourceAwsWafRegionalRuleDelete(d *schema.ResourceData, meta interface{}) conn := meta.(*AWSClient).wafregionalconn region := meta.(*AWSClient).region - err := updateWafRegionalRuleResource(d, meta, waf.ChangeActionDelete) - if err != nil { - return fmt.Errorf("Error Removing WAF Rule Predicates: %s", err) + if v, ok := d.GetOk("predicate"); ok { + predicates := v.(*schema.Set).List() + if len(predicates) > 0 { + err := updateWafRegionalRuleResource(d, meta, waf.ChangeActionDelete) + if err != nil { + return fmt.Errorf("Error Removing WAF Rule Predicates: %s", err) + } + } } + wr := newWafRegionalRetryer(conn, region) - _, err = wr.RetryWithToken(func(token *string) (interface{}, error) { + _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { req := &waf.DeleteRuleInput{ ChangeToken: token, RuleId: aws.String(d.Id()), 
diff --git a/aws/resource_aws_wafregional_rule_test.go b/aws/resource_aws_wafregional_rule_test.go index b3846c65c8e..1dd69b2e114 100644 --- a/aws/resource_aws_wafregional_rule_test.go +++ b/aws/resource_aws_wafregional_rule_test.go @@ -97,6 +97,29 @@ func TestAccAWSWafRegionalRule_disappears(t *testing.T) { }) } +func TestAccAWSWafRegionalRule_noPredicates(t *testing.T) { + var v waf.Rule + wafRuleName := fmt.Sprintf("wafrule%s", acctest.RandString(5)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSWafRegionalRuleDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSWafRegionalRule_noPredicates(wafRuleName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckAWSWafRegionalRuleExists("aws_wafregional_rule.wafrule", &v), + resource.TestCheckResourceAttr( + "aws_wafregional_rule.wafrule", "name", wafRuleName), + resource.TestCheckResourceAttr( + "aws_wafregional_rule.wafrule", "predicate.#", "0"), + ), + }, + }, + }) +} + func testAccCheckAWSWafRegionalRuleDisappears(v *waf.Rule) resource.TestCheckFunc { return func(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).wafregionalconn @@ -109,16 +132,16 @@ func testAccCheckAWSWafRegionalRuleDisappears(v *waf.Rule) resource.TestCheckFun RuleId: v.RuleId, } - for _, Predicate := range v.Predicates { - Predicate := &waf.RuleUpdate{ + for _, predicate := range v.Predicates { + predicate := &waf.RuleUpdate{ Action: aws.String("DELETE"), Predicate: &waf.Predicate{ - Negated: Predicate.Negated, - Type: Predicate.Type, - DataId: Predicate.DataId, + Negated: predicate.Negated, + Type: predicate.Type, + DataId: predicate.DataId, }, } - req.Updates = append(req.Updates, Predicate) + req.Updates = append(req.Updates, predicate) } return conn.UpdateRule(req) 
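Review bot: In testAccCheckAWSWafRegionalRuleDisappears the lower-cased loop variable is shadowed on the very next line: `predicate := &waf.RuleUpdate{` declares a second `predicate` whose initializer still reads the loop's `predicate.Negated`, `predicate.Type` and `predicate.DataId`. It compiles because the right-hand side is evaluated before the new name comes into scope, but two meanings for one identifier inside four lines is easy to misread. A distinct name, `update := &waf.RuleUpdate{` followed by `req.Updates = append(req.Updates, update)`, removes the ambiguity. The closure this loop lives in begins and ends outside the hunk.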
@@ -246,3 +269,12 @@ resource "aws_wafregional_rule" "wafrule" { } }`, name, name, name) } + +func testAccAWSWafRegionalRule_noPredicates(name string) string { + return fmt.Sprintf(` +resource "aws_wafregional_rule" "wafrule" { + name = "%s" + metric_name = "%s" +} +`, name, name) +} From 1f232271466b4291695834dd499ddf41f2dbeebd Mon Sep 17 00:00:00 2001 From: pvanbuijtene Date: Sat, 17 Mar 2018 21:28:28 +0100 Subject: [PATCH 7/9] Add test for predicate changes --- aws/resource_aws_wafregional_rule.go | 39 +++---- aws/resource_aws_wafregional_rule_test.go | 102 +++++++++++++++++- website/docs/r/wafregional_rule.html.markdown | 6 +- 3 files changed, 119 insertions(+), 28 deletions(-) diff --git a/aws/resource_aws_wafregional_rule.go b/aws/resource_aws_wafregional_rule.go index 98625fbafc8..8cc5fb55493 100644 --- a/aws/resource_aws_wafregional_rule.go +++ b/aws/resource_aws_wafregional_rule.go @@ -111,7 +111,10 @@ func resourceAwsWafRegionalRuleRead(d *schema.ResourceData, meta interface{}) er func resourceAwsWafRegionalRuleUpdate(d *schema.ResourceData, meta interface{}) error { if d.HasChange("predicate") { - err := updateWafRegionalRuleResource(d, meta, waf.ChangeActionInsert) + o, n := d.GetChange("predicate") + oldP, newP := o.(*schema.Set).List(), n.(*schema.Set).List() + + err := updateWafRegionalRuleResource(d.Id(), oldP, newP, meta) if err != nil { return fmt.Errorf("Error Updating WAF Rule: %s", err) } 
@@ -123,13 +126,12 @@ func resourceAwsWafRegionalRuleDelete(d *schema.ResourceData, meta interface{}) conn := meta.(*AWSClient).wafregionalconn region := meta.(*AWSClient).region - if v, ok := d.GetOk("predicate"); ok { - predicates := v.(*schema.Set).List() - if len(predicates) > 0 { - err := updateWafRegionalRuleResource(d, meta, waf.ChangeActionDelete) - if err != nil { - return fmt.Errorf("Error Removing WAF Rule Predicates: %s", err) - } + oldPredicates := d.Get("predicate").(*schema.Set).List() + if len(oldPredicates) > 0 { + noPredicates := []interface{}{} + err := updateWafRegionalRuleResource(d.Id(), oldPredicates, noPredicates, meta) + if err != nil { + return fmt.Errorf("Error Removing WAF Rule Predicates: %s", err) } } @@ -149,7 +151,8 @@ func resourceAwsWafRegionalRuleDelete(d *schema.ResourceData, meta interface{}) return nil } -func updateWafRegionalRuleResource(d *schema.ResourceData, meta interface{}, ChangeAction string) error { +//func updateWafRegionalRuleResource(d *schema.ResourceData, meta interface{}, ChangeAction string) error { +func updateWafRegionalRuleResource(id string, oldP, newP []interface{}, meta interface{}) error { conn := meta.(*AWSClient).wafregionalconn region := meta.(*AWSClient).region 
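Review bot: The old signature is left behind as `//func updateWafRegionalRuleResource(d *schema.ResourceData, meta interface{}, ChangeAction string) error {` directly above the new one, where Go tooling reads it as the function's doc comment. Delete that line and put a real comment in its place, for example `// updateWafRegionalRuleResource issues an UpdateRule request carrying the difference between oldP and newP for the rule with the given id.` The function body continues outside this hunk.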
@@ -157,25 +160,13 @@ func updateWafRegionalRuleResource(d *schema.ResourceData, meta interface{}, Cha _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { req := &waf.UpdateRuleInput{ ChangeToken: token, - RuleId: aws.String(d.Id()), - } - - predicatesSet := d.Get("predicate").(*schema.Set) - for _, predicateI := range predicatesSet.List() { - predicate := predicateI.(map[string]interface{}) - updatePredicate := &waf.RuleUpdate{ - Action: aws.String(ChangeAction), - Predicate: &waf.Predicate{ - Negated: aws.Bool(predicate["negated"].(bool)), - Type: aws.String(predicate["type"].(string)), - DataId: aws.String(predicate["data_id"].(string)), - }, - } - req.Updates = append(req.Updates, updatePredicate) + RuleId: aws.String(id), + Updates: diffWafRulePredicates(oldP, newP), } return conn.UpdateRule(req) }) + if err != nil { return fmt.Errorf("Error Updating WAF Rule: %s", err) } diff --git a/aws/resource_aws_wafregional_rule_test.go b/aws/resource_aws_wafregional_rule_test.go index 1dd69b2e114..c561f8b1962 100644 --- a/aws/resource_aws_wafregional_rule_test.go +++ b/aws/resource_aws_wafregional_rule_test.go @@ -7,6 +7,7 @@ import ( "github.com/aws/aws-sdk-go/service/wafregional" "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/helper/schema" "github.com/hashicorp/terraform/terraform" "github.com/aws/aws-sdk-go/aws" @@ -100,7 +101,6 @@ func TestAccAWSWafRegionalRule_disappears(t *testing.T) { func TestAccAWSWafRegionalRule_noPredicates(t *testing.T) { var v waf.Rule wafRuleName := fmt.Sprintf("wafrule%s", acctest.RandString(5)) - resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, 
@@ -120,6 +120,67 @@ func TestAccAWSWafRegionalRule_noPredicates(t *testing.T) { }) } +func TestAccAWSWafRegionalRule_changePredicates(t *testing.T) { + var ipset waf.IPSet + var xssMatchSet waf.XssMatchSet + + var before, after waf.Rule + var idx int + ruleName := fmt.Sprintf("wafrule%s", acctest.RandString(5)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSWafRuleDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSWafRegionalRuleConfig(ruleName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckAWSWafRegionalIPSetExists("aws_wafregional_ipset.ipset", &ipset), + testAccCheckAWSWafRegionalRuleExists("aws_wafregional_rule.wafrule", &before), + resource.TestCheckResourceAttr("aws_wafregional_rule.wafrule", "name", ruleName), + resource.TestCheckResourceAttr("aws_wafregional_rule.wafrule", "predicate.#", "1"), + computeWafRegionalRulePredicate(&ipset.IPSetId, false, "IPMatch", &idx), + testCheckResourceAttrWithIndexesAddr("aws_wafregional_rule.wafrule", "predicate.%d.negated", &idx, "false"), + testCheckResourceAttrWithIndexesAddr("aws_wafregional_rule.wafrule", "predicate.%d.type", &idx, "IPMatch"), + ), + }, + { + Config: testAccAWSWafRegionalRule_changePredicates(ruleName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckAWSWafRegionalXssMatchSetExists("aws_wafregional_xss_match_set.xss_match_set", &xssMatchSet), + testAccCheckAWSWafRegionalRuleExists("aws_wafregional_rule.wafrule", &after), + resource.TestCheckResourceAttr("aws_wafregional_rule.wafrule", "name", ruleName), + resource.TestCheckResourceAttr("aws_wafregional_rule.wafrule", "predicate.#", "2"), + computeWafRegionalRulePredicate(&xssMatchSet.XssMatchSetId, true, "XssMatch", &idx), + testCheckResourceAttrWithIndexesAddr("aws_wafregional_rule.wafrule", "predicate.%d.negated", &idx, "true"), + testCheckResourceAttrWithIndexesAddr("aws_wafregional_rule.wafrule", 
"predicate.%d.type", &idx, "XssMatch"), + computeWafRegionalRulePredicate(&ipset.IPSetId, true, "IPMatch", &idx), + testCheckResourceAttrWithIndexesAddr("aws_wafregional_rule.wafrule", "predicate.%d.negated", &idx, "true"), + testCheckResourceAttrWithIndexesAddr("aws_wafregional_rule.wafrule", "predicate.%d.type", &idx, "IPMatch"), + ), + }, + }, + }) +} + +// Calculates the index which isn't static because dataId is generated as part of the test +func computeWafRegionalRulePredicate(dataId **string, negated bool, pType string, idx *int) resource.TestCheckFunc { + return func(s *terraform.State) error { + predicateResource := resourceAwsWafRegionalRule().Schema["predicate"].Elem.(*schema.Resource) + m := map[string]interface{}{ + "data_id": **dataId, + "negated": negated, + "type": pType, + } + + f := schema.HashResource(predicateResource) + *idx = f(m) + + return nil + } +} + func testAccCheckAWSWafRegionalRuleDisappears(v *waf.Rule) resource.TestCheckFunc { return func(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).wafregionalconn @@ -278,3 +339,42 @@ resource "aws_wafregional_rule" "wafrule" { } `, name, name) } + +func testAccAWSWafRegionalRule_changePredicates(name string) string { + return fmt.Sprintf(` +resource "aws_wafregional_ipset" "ipset" { + name = "%s" + + ip_set_descriptor { + type = "IPV4" + value = "192.0.7.0/24" + } +} + +resource "aws_wafregional_xss_match_set" "xss_match_set" { + name = "%s" + xss_match_tuple { + text_transformation = "NONE" + field_to_match { + type = "URI" + } + } +} + +resource "aws_wafregional_rule" "wafrule" { + name = "%s" + metric_name = "%s" + + predicate { + data_id = "${aws_wafregional_xss_match_set.xss_match_set.id}" + negated = true + type = "XssMatch" + } + + predicate { + data_id = "${aws_wafregional_ipset.ipset.id}" + negated = true + type = "IPMatch" + } +}`, name, name, name, name) +} 
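Review bot: `TestAccAWSWafRegionalRule_changePredicates` sets `CheckDestroy: testAccCheckAWSWafRuleDestroy`, while the neighbouring `_noPredicates` test uses `testAccCheckAWSWafRegionalRuleDestroy`. The non-regional helper is not defined in this patch, but its name suggests it checks the global WAF resource. If so, this test would pass without confirming that the regional rule was actually removed. Use `CheckDestroy: testAccCheckAWSWafRegionalRuleDestroy,` here. Separately, `before` and `after` are populated by the exists checks but never read, so either compare them or collapse them into one variable.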
diff --git a/website/docs/r/wafregional_rule.html.markdown b/website/docs/r/wafregional_rule.html.markdown index f00ced86de8..e879cf89299 100644 --- a/website/docs/r/wafregional_rule.html.markdown +++ b/website/docs/r/wafregional_rule.html.markdown @@ -40,7 +40,7 @@ The following arguments are supported: * `name` - (Required) The name or description of the rule. * `metric_name` - (Required) The name or description for the Amazon CloudWatch metric of this rule. -* `predicate` - (Optional) The ByteMatchSet, IPSet, SizeConstraintSet, SqlInjectionMatchSet, or XssMatchSet objects to include in a rule. +* `predicate` - (Optional) The `ByteMatchSet`, `IPSet`, `SizeConstraintSet`, `SqlInjectionMatchSet`, or `XssMatchSet` objects to include in a rule. ## Nested Fields @@ -51,7 +51,7 @@ See [docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-pr #### Arguments * `type` - (Required) The type of predicate in a rule, such as an IPSet (IPMatch) -* `data_id` - (Required) The unique identifier of a predicate, such as the ID of a ByteMatchSet or IPSet. +* `data_id` - (Required) The unique identifier of a predicate, such as the ID of a `ByteMatchSet` or `IPSet`. * `negated` - (Required) Whether to use the settings or the negated settings that you specified in the `ByteMatchSet`, `IPSet`, `SizeConstraintSet`, `SqlInjectionMatchSet`, or `XssMatchSet` objects. ## Remarks @@ -60,4 +60,4 @@ See [docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-pr The following attributes are exported: -* `id` - The ID of the WAF rule. +* `id` - The ID of the WAF Regional Rule. From 61cf64ace79c72464a060b4f040ae30b16b0fcab Mon Sep 17 00:00:00 2001 From: pvanbuijtene Date: Sat, 17 Mar 2018 21:34:57 +0100 Subject: [PATCH 8/9] Require data_id for predicate --- aws/resource_aws_wafregional_rule.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/aws/resource_aws_wafregional_rule.go b/aws/resource_aws_wafregional_rule.go index 8cc5fb55493..f470cba4d59 100644 --- a/aws/resource_aws_wafregional_rule.go +++ b/aws/resource_aws_wafregional_rule.go @@ -41,7 +41,7 @@ func resourceAwsWafRegionalRule() *schema.Resource { }, "data_id": &schema.Schema{ Type: schema.TypeString, - Optional: true, + Required: true, ValidateFunc: validation.StringLenBetween(1, 128), }, "type": &schema.Schema{ From 81e084a86374077662178b896b37a893f48d3547 Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Sun, 18 Mar 2018 12:11:04 +0000 Subject: [PATCH 9/9] Reformat imports + remove redundant code --- aws/resource_aws_wafregional_rule_test.go | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/aws/resource_aws_wafregional_rule_test.go b/aws/resource_aws_wafregional_rule_test.go index c561f8b1962..41d99c71a83 100644 --- a/aws/resource_aws_wafregional_rule_test.go +++ b/aws/resource_aws_wafregional_rule_test.go @@ -4,16 +4,13 @@ import ( "fmt" "testing" + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/waf" "github.com/aws/aws-sdk-go/service/wafregional" - + "github.com/hashicorp/terraform/helper/acctest" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/helper/schema" "github.com/hashicorp/terraform/terraform" - - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/awserr" - "github.com/aws/aws-sdk-go/service/waf" - "github.com/hashicorp/terraform/helper/acctest" ) func TestAccAWSWafRegionalRule_basic(t *testing.T) { @@ -244,10 +241,8 @@ func testAccCheckAWSWafRegionalRuleDestroy(s *terraform.State) error { } // Return nil if the Rule is already destroyed - if awsErr, ok := err.(awserr.Error); ok { - if isAWSErr(awsErr, wafregional.ErrCodeWAFNonexistentItemException, "") { - return nil - } + if isAWSErr(err, wafregional.ErrCodeWAFNonexistentItemException, "") { + return nil } return err