Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow WAF web ACL rule import #5337

Merged
merged 2 commits into from
Jul 26, 2018

Conversation

julienduchesne
Copy link
Contributor

Fixes #4589

Changes proposed in this pull request:

  • Title says it all
  • The WAF web ACL resource doesn't get rules and I'm guessing if it did, that would conflict with the rule resource so I excluded it from the import test.

Output from acceptance testing:

TESTARGS='-run=TestAccAWSWafWebAcl'  make testacc
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./... -v -run=TestAccAWSWafWebAcl -timeout 120m
?       github.com/terraform-providers/terraform-provider-aws   [no test files]
=== RUN   TestAccAWSWafWebAcl_basic
--- PASS: TestAccAWSWafWebAcl_basic (36.13s)
=== RUN   TestAccAWSWafWebAcl_group
--- PASS: TestAccAWSWafWebAcl_group (34.00s)
=== RUN   TestAccAWSWafWebAcl_changeNameForceNew
--- PASS: TestAccAWSWafWebAcl_changeNameForceNew (66.05s)
=== RUN   TestAccAWSWafWebAcl_changeDefaultAction
--- PASS: TestAccAWSWafWebAcl_changeDefaultAction (65.58s)
=== RUN   TestAccAWSWafWebAcl_disappears
--- PASS: TestAccAWSWafWebAcl_disappears (38.07s)
PASS
ok      github.com/terraform-providers/terraform-provider-aws/aws       239.855s

@ghost ghost added the size/L Managed by automation to categorize the size of a PR. label Jul 25, 2018
Copy link
Contributor

@bflad bflad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The rules issues can be found at #4786 and #534 -- while it'd be awesome to fix the d.Set() handling for that attribute, I think we can treat that separately as long as its noted in the import documentation.

@@ -17,6 +17,9 @@ func resourceAwsWafWebAcl() *schema.Resource {
Read: resourceAwsWafWebAclRead,
Update: resourceAwsWafWebAclUpdate,
Delete: resourceAwsWafWebAclDelete,
Importer: &schema.ResourceImporter{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please add the ## Import documentation to website/docs/r/waf_web_acl.html.markdown? Thanks! It'd probably also be good to note the rules limitation (for now).

@@ -16,35 +16,44 @@ import (
func TestAccAWSWafWebAcl_basic(t *testing.T) {
var v waf.WebACL
wafAclName := fmt.Sprintf("wafacl%s", acctest.RandString(5))
resourceName := "aws_waf_web_acl.waf_acl"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

😍

@bflad bflad added enhancement Requests to existing resources that expand the functionality or scope. waiting-response Maintainers are waiting on response from community or contributor. service/waf Issues and PRs that pertain to the waf service. labels Jul 25, 2018
@ghost ghost added the size/L Managed by automation to categorize the size of a PR. label Jul 26, 2018
@julienduchesne
Copy link
Contributor Author

julienduchesne commented Jul 26, 2018

I added the documentation.

About the rules though, if they are handled by this resource, it will be incompatible with the resource_aws_waf_rule. It can only be handled by one or the other. Otherwise, the resource_aws_waf_web_acl will revoke every rule not added within itself. How do you handle such a case? As I understand it, the general trend is to prefer independant resources to attribute blocks. So the best way to handle this would be to simply remove the rules block in resource_aws_waf_web_acl, no?

Thanks

@bflad bflad removed the waiting-response Maintainers are waiting on response from community or contributor. label Jul 26, 2018
@bflad
Copy link
Contributor

bflad commented Jul 26, 2018

Unless I'm misunderstanding the aws_waf_web_acl resource documentation:

  • rules - (Required) The rules to associate with the web ACL and the settings for each rule.

The rules within the aws_waf_web_acl resource are intended to associate the ordering and actions of various rules/rule groups to form the actual ACL. Rules themselves are created and managed by the aws_waf_rule resource.

@bflad bflad added this to the v1.29.0 milestone Jul 26, 2018
Copy link
Contributor

@bflad bflad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's get this in! 🚀

5 tests passed (all tests)
=== RUN   TestAccAWSWafWebAcl_basic
--- PASS: TestAccAWSWafWebAcl_basic (43.42s)
=== RUN   TestAccAWSWafWebAcl_group
--- PASS: TestAccAWSWafWebAcl_group (58.59s)
=== RUN   TestAccAWSWafWebAcl_changeNameForceNew
--- PASS: TestAccAWSWafWebAcl_changeNameForceNew (90.89s)
=== RUN   TestAccAWSWafWebAcl_disappears
--- PASS: TestAccAWSWafWebAcl_disappears (97.03s)
=== RUN   TestAccAWSWafWebAcl_changeDefaultAction
--- PASS: TestAccAWSWafWebAcl_changeDefaultAction (106.53s)

@bflad bflad merged commit 153dfbc into hashicorp:master Jul 26, 2018
bflad added a commit that referenced this pull request Jul 26, 2018
@bflad
Copy link
Contributor

bflad commented Jul 26, 2018

This has been released in version 1.29.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

@julienduchesne julienduchesne deleted the import-web-acl-rule branch July 26, 2018 10:02
@ghost
Copy link

ghost commented Apr 4, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 4, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/waf Issues and PRs that pertain to the waf service. size/L Managed by automation to categorize the size of a PR.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

aws_waf_web_acl import not supported
2 participants