New Resource: aws_wafregional_rule

aws/provider.go

@@ -556,6 +556,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_wafregional_byte_match_set":               resourceAwsWafRegionalByteMatchSet(),
 			"aws_wafregional_ipset":                        resourceAwsWafRegionalIPSet(),
 			"aws_wafregional_xss_match_set":                resourceAwsWafRegionalXssMatchSet(),
+			"aws_wafregional_rule":                         resourceAwsWafRegionalRule(),
 			"aws_batch_compute_environment":                resourceAwsBatchComputeEnvironment(),
 			"aws_batch_job_definition":                     resourceAwsBatchJobDefinition(),
 			"aws_batch_job_queue":                          resourceAwsBatchJobQueue(),

aws/resource_aws_wafregional_rule.go

@@ -0,0 +1,193 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/service/waf"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsWafRegionalRule() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsWafRegionalRuleCreate,
+		Read:   resourceAwsWafRegionalRuleRead,
+		Update: resourceAwsWafRegionalRuleUpdate,
+		Delete: resourceAwsWafRegionalRuleDelete,
+
+		Schema: map[string]*schema.Schema{
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"metric_name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"predicates": &schema.Schema{
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"negated": &schema.Schema{
+							Type:     schema.TypeBool,
+							Required: true,
+						},
+						"data_id": &schema.Schema{
+							Type:     schema.TypeString,
+							Optional: true,
+							ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
+								value := v.(string)
+								if len(value) > 128 {
+									errors = append(errors, fmt.Errorf(
+										"%q cannot be longer than 128 characters", k))
+								}
+								return
+							},
+						},
+						"type": &schema.Schema{
+							Type:     schema.TypeString,
+							Required: true,
+							ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
+								value := v.(string)
+								if value != "IPMatch" && value != "ByteMatch" && value != "SqlInjectionMatch" && value != "SizeConstraint" && value != "XssMatch" {
+									errors = append(errors, fmt.Errorf(
+										"%q must be one of IPMatch | ByteMatch | SqlInjectionMatch | SizeConstraint | XssMatch", k))
+								}
+								return
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func resourceAwsWafRegionalRuleCreate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).wafregionalconn
+	region := meta.(*AWSClient).region
+
+	wr := newWafRegionalRetryer(conn, region)
+	out, err := wr.RetryWithToken(func(token *string) (interface{}, error) {
+		params := &waf.CreateRuleInput{
+			ChangeToken: token,
+			MetricName:  aws.String(d.Get("metric_name").(string)),
+			Name:        aws.String(d.Get("name").(string)),
+		}
+
+		return conn.CreateRule(params)
+	})
+	if err != nil {
+		return err
+	}
+	resp := out.(*waf.CreateRuleOutput)
+	d.SetId(*resp.Rule.RuleId)
+	return resourceAwsWafRegionalRuleUpdate(d, meta)
+}
+
+func resourceAwsWafRegionalRuleRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).wafregionalconn
+
+	params := &waf.GetRuleInput{
+		RuleId: aws.String(d.Id()),
+	}
+
+	resp, err := conn.GetRule(params)
+	if err != nil {
+		if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "WAFNonexistentItemException" {
+			log.Printf("[WARN] WAF Rule (%s) not found, error code (404)", d.Id())
+			d.SetId("")
+			return nil
+		}
+
+		return err
+	}
+
+	var predicates []map[string]interface{}
+
+	for _, predicateSet := range resp.Rule.Predicates {
+		predicate := map[string]interface{}{
+			"negated": *predicateSet.Negated,
+			"type":    *predicateSet.Type,
+			"data_id": *predicateSet.DataId,
+		}
+		predicates = append(predicates, predicate)
+	}
+
+	d.Set("predicates", predicates)
+	d.Set("name", resp.Rule.Name)
+	d.Set("metric_name", resp.Rule.MetricName)
+
+	return nil
+}
+
+func resourceAwsWafRegionalRuleUpdate(d *schema.ResourceData, meta interface{}) error {
+	err := updateWafRegionalRuleResource(d, meta, waf.ChangeActionInsert)
+	if err != nil {
+		return fmt.Errorf("Error Updating WAF Rule: %s", err)
+	}
+	return resourceAwsWafRegionalRuleRead(d, meta)
+}
+
+func resourceAwsWafRegionalRuleDelete(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).wafregionalconn
+	region := meta.(*AWSClient).region
+
+	err := updateWafRegionalRuleResource(d, meta, waf.ChangeActionDelete)
+	if err != nil {
+		return fmt.Errorf("Error Removing WAF Rule Predicates: %s", err)
+	}
+	wr := newWafRegionalRetryer(conn, region)
+	_, err = wr.RetryWithToken(func(token *string) (interface{}, error) {
+		req := &waf.DeleteRuleInput{
+			ChangeToken: token,
+			RuleId:      aws.String(d.Id()),
+		}
+		log.Printf("[INFO] Deleting WAF Rule")
+		return conn.DeleteRule(req)
+	})
+	if err != nil {
+		return fmt.Errorf("Error deleting WAF Rule: %s", err)
+	}
+
+	return nil
+}
+
+func updateWafRegionalRuleResource(d *schema.ResourceData, meta interface{}, ChangeAction string) error {
+	conn := meta.(*AWSClient).wafregionalconn
+	region := meta.(*AWSClient).region
+
+	wr := newWafRegionalRetryer(conn, region)
+	_, err := wr.RetryWithToken(func(token *string) (interface{}, error) {
+		req := &waf.UpdateRuleInput{
+			ChangeToken: token,
+			RuleId:      aws.String(d.Id()),
+		}
+
+		predicatesSet := d.Get("predicates").(*schema.Set)
+		for _, predicateI := range predicatesSet.List() {
+			predicate := predicateI.(map[string]interface{})
+			updatePredicate := &waf.RuleUpdate{
+				Action: aws.String(ChangeAction),
+				Predicate: &waf.Predicate{
+					Negated: aws.Bool(predicate["negated"].(bool)),
+					Type:    aws.String(predicate["type"].(string)),
+					DataId:  aws.String(predicate["data_id"].(string)),
+				},
+			}
+			req.Updates = append(req.Updates, updatePredicate)
+		}
+
+		return conn.UpdateRule(req)
+	})
+	if err != nil {
+		return fmt.Errorf("Error Updating WAF Rule: %s", err)
+	}
+
+	return nil
+}